DoorDash Data Breach Leaks 4.9 Million Records

The data breaches just keep coming.

On Thursday, September 26, 2019, DoorDash announced a breach that impacted approximately 5 million users. This includes merchants, customers, and workers — anyone who had an account with DoorDash. Consumers are going to have to be increasingly cautious about data breach attacks, and DoorDash may suffer a hit to its reputation.

Let’s take a closer look at the breach, and find out how it may have affected you or anyone else you know who uses DoorDash.

What Data Was Compromised?

Quite a lot. DoorDash states that email addresses, delivery addresses, user names, passwords, driver’s licenses, and the last four digits of bank accounts and credit cards were revealed. That’s enough for most people to get their identity stolen. Only drivers are at risk for having their licenses exposed, but this could also lead to issues — some 100,000 licenses were revealed.

According to DoorDash, this impacted only users who joined DoorDash before April 5, 2018. DoorDash further committed to resolving the security issues that had caused the problem. While passwords were stolen, the passwords were hashed: the attackers will have no way of knowing what the original password was, because it’s encrypted.

In their statement, DoorDash mentioned that a third-party service provider was the culprit. This is extraordinarily common. Many businesses operate with dozens of third-party solutions, all of which need to maintain their own security.

Users are encouraged to change their DoorDash passwords, though DoorDash has stated that none of the information that was released would enable someone to put orders through on their accounts. DoorDash has further taken action to directly notify users who were impacted by the breach, though everyone with a DoorDash account should be cautious.

Not the First Issue for DoorDash

DoorDash has been under fire for its tipping processes, which would use customer tips to pay the DoorDash fee. Under DoorDash’s tipping model, drivers would get a DoorDash fee as well as a customer tip. If the customer didn’t tip, they would get the DoorDash fee alone. If the customer tipped, the customer tip would be used for the DoorDash fee before being given to the driver. DoorDash has since fixed this issue.

But with this large security breach, DoorDash has even more controversy on its hands. Many tech startups quickly outgrow their security, and find it difficult to scale their security processes. A data breach of this size can impact DoorDash’s valuation, as well as the trust that customers, businesses, and employees have in the system.

In the world of meal delivery services, there’s a lot of competition. Grubhub, Postmates, and Uber Eats are all major competitors within the space. DoorDash has been winning the battle thus far, but many businesses are now exploring other options. Meal delivery services like Grubhub and DoorDash have been creating issues for restaurateurs and cutting into their profits, and many restaurants are trying to establish their own delivery services.

Protecting Your Data in a Data-Centric World

Consumers may have noticed that data breaches are happening left and right. Most people have had their data breached at least once, which is all it takes. Once the information is out there, there’s no way to delete it. It’s likely that many people have, at minimum, their login names, email addresses, full names, and home addresses out there.

So what can customers do in the face of all these data breaches? Lock down their credit reports and invest in credit monitoring services. You can freeze your credit reports with the three credit reporting bureaus. This means that no new accounts will be able to be opened under your name without you verifying it first.

But that doesn’t mean that your identity can’t be used for anything else. Identities can be used for fraudulent employment, for instance, and there’s often no way to tell until the IRS comes calling.

These data breaches are going to continue to be prolific, and all a consumer can really do is try to be vigilant about their credit monitoring, and to check all their mail in the event that they get notified of discrepancies. For DoorDash, the data breach doesn’t look good — not only is it a substantial breach, with a lot of records and a lot of data, but the company itself was already under scrutiny.


Most Popular

These content links are provided by Content.ad. Both Content.ad and the web site upon which the links are displayed may receive compensation when readers click on these links. Some of the content you are redirected to may be sponsored content. View our privacy policy here.

To learn how you can use Content.ad to drive visitors to your content or add this service to your site, please contact us at [email protected].

Family-Friendly Content

Website owners select the type of content that appears in our units. However, if you would like to ensure that Content.ad always displays family-friendly content on this device, regardless of what site you are on, check the option below. Learn More



Most Popular
Sponsored Content

These content links are provided by Content.ad. Both Content.ad and the web site upon which the links are displayed may receive compensation when readers click on these links. Some of the content you are redirected to may be sponsored content. View our privacy policy here.

To learn how you can use Content.ad to drive visitors to your content or add this service to your site, please contact us at [email protected].

Family-Friendly Content

Website owners select the type of content that appears in our units. However, if you would like to ensure that Content.ad always displays family-friendly content on this device, regardless of what site you are on, check the option below. Learn More