DoorDash has just today announced that they discovered a data breach earlier this month (while the Door Dash data breach occurred in May of 2019, they only just discovered it this month). Here is the information you need about the DoorDash data breach.
First, what do you need to do? You need to go into your DoorDash account and change your password.
Log in to your DoorDash account here
Now, here is the announcement that DoorDash sent to their users (note that DoorDash’s handling of their data breach is very different from how Animoto handled their data breach, which you can read about here).
DoorDash Notification of Data Breach
We take the security of our community very seriously. Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized user and to enhance security across our platform.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
What information was involved
Based on that investigation, we believe that some of your DoorDash user account information has been accessed.
The type of data that has been accessed could include profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords—a form of rendering the actual password indecipherable to third parties. For some consumers, the last four digits of consumer payment cards were also accessed. However, full credit card information such as full payment card numbers or a CVV was not accessed. This means that the information accessed is not sufficient to make fraudulent charges on your payment card.
What steps we’ve taken
We immediately blocked further access by the unauthorized user. We have also taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.
What should you do?
We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash. As a best practice, if you use the same password for multiple accounts, we recommend that you reset your passwords for all those accounts. You can change your DoorDash password by visiting https://web.archive.org/web/20221231043248/https://www.doordash.com/accounts/password/reset/ and using the email address associated with your DoorDash account.
We deeply regret the frustration and inconvenience that this may cause you. For further information, please see our blog and FAQ page at blog.doordash.com. We’ve also set up a dedicated call center available 24/7 for support at 855-646-4683.
Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. We are in the process of reaching out to those affected by this incident, and you may receive multiple communications from us if you are also a DoorDash merchant or Dasher. We know that you trust us to connect you with the best of your community, and we will never take that trust for granted.
—Team DoorDash
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
