- REUTERS/Lisa Baertlein
- DoorDash suffered a data breach earlier this year that affected 4.9 million people and businesses, the company announced Thursday.
- Hackers obtained names, delivery addresses, contact information, and partial credit-card information.
- DoorDash has outlined steps users can take to see whether they’re affected and secure their data going forward.
- Visit Business Insider’s homepage for more stories.
The delivery service DoorDash suffered a data breach earlier this year that affected the information of 4.9 million users, delivery workers, and restaurants, the company announced Thursday afternoon.
The breach occurred May 4 and affects some users who started using the app before April 5, 2018, the company said.
DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history, and phone numbers.
The last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs, according to the company. For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers. This credit card and banking information is not sufficient to make fraudulent charges or withdrawals, DoorDash said.
DoorDash recently surpassed Uber Eats as the second-largest food-delivery service in the US after GrubHub, the parent company of Seamless and Eat24, according to Quartz. It is valued between $6 billion and $7 billion.
Months before the data breach was announced, the food-delivery app drew scrutiny over its tipping policy, in which tips were sometimes used to subsidize delivery workers’ wages rather than adding to them. DoorDash has since announced changes to its tipping policy.
Am I affected by the DoorDash data breach?
DoorDash said it had begun contacting people affected by the data breach and would continue to do so in the coming days.
Those who joined DoorDash after April 5, 2018, are not affected and can rule themselves out as a victim of the breach.
The company recommended, however, that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.
If you have questions for DoorDash about the breach, the company has also set up a help line that can be reached at 1-855-646-4683.
Read DoorDash’s full statement on the breach here.