DoorDash customer data hit in phishing attack
Passwords and payment data are safe, DoorDash says
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Delivery and takeout firm DoorDash has had some of its customer data accessed as the result of a phishing attack, it has confirmed.
In ablog post, the company said it was the latest to be affected by the knock-on effects of a cyberattack thathit Twilio earlier this month.
DoorDash said that when the unknown attackers breached Twilio’sendpoints, they stole login credentials that some Twilio employees used to access certain DoorDash tools. Using those credentials, the attackers proceeded to access sensitive data it was holding.
Passwords and payment data safe
The company did not give out the specific number of users affected by the breach asides from saying a “small percentage” of individuals could be impacted, but did confirm what data was accessed.
“For consumers, the information accessed primarily included name, email address, delivery address, and phone number,” the blog reads. “For a smaller set of consumers, basic order information and partial payment card information (i.e., the card type and last four digits of the card number) was also accessed. For Dashers, the information accessed by the unauthorized party primarily included name and phone number or email address.”
Passwords, full payment card numbers, bank account numbers, Social Security numbers, and Social Insurance numbers, were not accessed, the company confirmed, also adding that it found no evidence of the compromised data being used for fraud oridentity theft.
This dangerous fake Chrome extension could be hurting your device without you knowing>Signal says hundreds of users may have been hit in phishing attack>Best malware removal today: paid and free services
To mitigate the issue, DoorDash blocked Twilio’s access to its systems for the time being. It also said it “further enhanced” its security systems, as well as its third-party vendor’s security systems, without detailing exactly what was done.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“We have also shared security alerts with other third-party vendors detailing the specific tactics used and reminded employees and third-party vendors to be on alert for any suspicious activity.”
The company also brought in a cybersecurity firm to assist with the ongoing investigation, notified its users, and contacted law enforcement.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Washington state court systems taken offline following cyberattack
Is it still worth using Proton VPN Free?
Filming with an iPhone? A smart, AI-powered gimbal from Hohem can help
