4.9 Million Impacted by DoorDash Data Breach

The $4 billion food delivery startup received dozens of complaints from its subscribers about their accounts being hacked.


On May 4th, 2019, DoorDash, a well-established food delivery service, faced a major data breach that affected 4.9 million individuals, if not more.

The impacted group included not just customers, but also DoorDash employees and merchants.

The company released information explaining the magnitude of the breach. Subscribers who joined after the data breach were not affected in any way.

What user data is at risk?

This incident is no different from most data breaches we have covered on Delcom Infotech. The affected user data includes names, phone numbers, order history, email addresses and delivery addresses.

In many cases, the last four digits of users’ payment cards were also accessed. However, it’s unclear how the full credit card information and CVV numbers were secured by DoorDash.

Along with the last four digits of the credit cards, the last four digits of user and merchant Social Security numbers were compromised as well.

As per the reports, the driver’s license numbers of approximately 100,000 DoorDash subscribers were also obtained by the hackers.

Last year, in various cases, users had complained that their accounts were hacked and that they received confirmations of orders placed without their permission.

DoorDash completely denied the users’ claims, saying that its investigation had found no evidence that a data breach had occurred.

Many users who contacted DoorDash to seek a resolution said they never received a response from the company. Any response received offered little to no resolution whatsoever.

Steps taken after the data breach?

DoorDash has committed itself to take various precautionary measures to identify and deflect future cyber threats. Some of the measures to secure user data include:

– Hiring professional experts to target and destroy future threats.

– Improving security protocols and monitoring access to the firm’s software security systems.

– Adding protective layers to the process of collecting user information and creating a secure user environment.

Hopefully, DoorDash ensures the privacy and security of user information and develops a better ecosystem to prevent these vulnerabilities in the future.

TechCrunch mentioned in an article, “The company also would not say if it plans to roll out countermeasures to prevent credential stuffing, like two-factor authentication.”

Does this mean DoorDash is risking user information again?

In the meantime, DoorDash subscribers and merchants have been advised to change their existing usernames and passwords, as well as to contact their respective financial institutions to alert them about the incident and possibly request replacement payment cards to be safe.