Skip to main content

Doordash data breach affects 4.9 million people, divulges physical addresses

Doordash is the latest tech company to suffer a major data breach. The company has announced that an unauthorized third party was able to gain access to Doordash user data on May 9, 2019, in a breach that affected a hefty 4.9 million users, delivery drivers, and merchants. According to the company, users who joined after April 5, 2018, were not affected by the breach.

“We take the security of our community very seriously. Earlier this [year], we became aware of unusual activity involving a third-party service provider,” said the company in a blog post. “We immediately launched an investigation and outside security experts were engaged to assess what occurred.”

The unauthorized party was able to access quite a bit of information too. According to the company, breached information included names, email addresses, physical addresses, phone numbers, and hashed and salted passwords. These passwords were encrypted in a way that essentially makes them useless to third parties.

Even some financial information was accessed — though nothing that should be of use to the hackers. Financial information accessed includes the last four digits of credit cards, though full credit card numbers weren’t accessed. When it comes to merchants and deliver drivers, the last four digits of bank accounts were accessed — though again, not full numbers. License numbers for 100,000 deliver drivers was also accessed.

It’s a pretty massive breach, not just because of the number of users affected, but also because of the kind of information that was accessed. Sure, financial information was limited, but the fact that physical addresses were accessed is pretty scary — especially for those that value their privacy.

Doordash says that it has taken appropriate steps to secure any other data, including “adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”

According to the company, if you were one of the affected users, you’ll receive an email detailing the information that was accessed. The company also says that while passwords were not compromised, users wary about their information should still change their passwords to one that is unique to Doordash.

Editors' Recommendations

Christian de Looper
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
Yahoo’s 2013 data breach is worse than believed — 3 billion users were affected

In December 2016, Yahoo disclosed that its servers were hacked way back in 2013, compromising the sensitive personal data of around 1 billion users. On Tuesday, Yahoo's new parent company, Verizon, confirmed that the initial estimate was a bit low -- in fact, all Yahoo accounts were compromised in the 2013 hack. That's 3 billion users, making it the largest data breach in history.

"Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft," reads a statement from Verizon subsidiary Oath.

Read more
Reset those passwords — again: Over 6 million ClixSense users compromised by data breach
A hand on a laptop in a dark surrounding.

ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts.

Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised.

Read more
Data breach at Acer’s US website exposes names, mailing addresses, and credit cards
Acer Chromebook 14 CB3-431-C5FM

Computer manufacturer Acer has suffered a data breach at its U.S. e-commerce site,, that could possibly affect anyone that purchased from the site over the last year or so.

According to a letter sent by Acer to the California Attorney General’s office, the hack happened over a year ago. Customers who accessed the site between May 12, 2015 and April 28, 2016 may have had their data compromised. This includes names, mailing addresses, credit card numbers, expiry dates, and even the card's CCV security codes.

Read more