Nearly 5 million people who use or work with food delivery service DoorDash are affected by a data breach, the company disclosed on Thursday. The affected data includes names, addresses, phone numbers, order history, and other details.
“Earlier this month, we became aware of unusual activity involving a third-party service provider,” the company said in a statement on its website. “We immediately launched an investigation and outside security experts were engaged to assess what occurred.”
The investigation found that an “unauthorized third party” accessed some user data on May 4. For 4.9 million costumers, Dashers, and merchants who joined on or before April 5, 2018, this data could include their name, email address, order history, phone number, and encrypted password.
For some costumers, the last four digits of their payment cards or the last four digits of their bank account number may also be affected, the company said. This, however, is not sufficient to make fraudulent charges or withdrawals. For about 100,000 Dashers, their driver’s license numbers were also accessed.
“We are reaching out directly to affected users with specific information about what was accessed,” the company said. “We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash.”