Popular App Sustains Security Breach
We’re living in the future when we can get our favorite restaurant quality food delivered to our door. Somebody ought to do the same for DoorDash though, except replace food with “good cybersecurity.” Yes, unfortunately, the popular DoorDash app has been hit with a whopper, and it’s not a Burger King special.
Earlier in the year, DoorDash was the target of a major third-party breach. This started at the beginning of May 2019, discovered in early September 2019. If that doesn’t raise a few red flags, then the total affected user count should: about 4.9 million users were reported to have been affected, from Dashers to merchants and customers. Though, if we’re honest, we’ve heard number claims like this before from major companies, only to see the company admit a few months later the number was higher.
Regardless, those who joined the app platform before April of 2018 are victims of the attack. Anyone after the date is safe. Still, this doesn’t lessen the gravity of the user breach and demonstrates just how catastrophic a data breach can be.
For those who were affected, this was the type of information stolen:
- A variety of personal data caches, from customer names, emails, non-encrypted passwords, addresses, and in some cases the last digits of their payment cards
- For an estimated 100K users, driver’s license numbers were stolen
DoorDash has, obviously, requested anyone suffering from the data breach rest their password (and will have likely done so already). As for future defenses, they’re increasing the security around how information is selected, accessed, and distributed.
Post-breach, some customers reported that their emails were changed and orders were being fulfilled by unknown third parties (in some cases even charging their cards).
It’s another harrowing sign of how breaches can impact people and businesses and big reason why cybersecurity remains a growing, important field.