
DoorDash Breach (4.9 Million Customers Affected)

At the end of September, DoorDash confirmed a data breach that affected 4.9 million customers, workers and merchants. DoorDash is a popular food delivery company, and its data was stolen by a group of hackers. The company also said that customers who joined after 5 April 2018 were not affected. The breach is known to have happened on May 4, and it took 5 months to be detected. User details such as names, email addresses, delivery addresses, passwords (hashed and salted), order history and the last 4 digits of payment cards were stolen. Around 100,000 delivery workers had their driver's license details stolen.


Why It Happened?

The company became aware of suspicious activity from a third-party vendor. On investigation, it found that unauthorized third-party access had taken place around May 2018. DoorDash said it blocked the unauthorized user’s access, added additional protective security layers around the data, improved security protocols that govern access to systems, and brought in outside expertise.


What Can You Learn?

The attack above exploited loopholes at several stages, and we can draw a few mitigation steps from it.

  • Encryption: all sensitive data must always be encrypted, so that stolen data is of no use to whoever takes it. Despite this being common practice, cases like the Facebook database breach show that plain text is often stored.
  • Third-Party Security: measures to make sure a vulnerability at a third party doesn’t affect one’s own customers.
  • PII Regulations: rules within the company for careful distribution of PII, with collection of PII restricted to when it is absolutely necessary.
  • Third-Party Risk Assessment: modern tools enable one to understand the threat landscape arising from one’s vendors.


References

https://www.cnet.com/news/doordash-data-breach-affected-4-9-million-customers-workers-and-merchants/

DoorDash confirms data breach affected 4.9 million customers, workers and merchants


Priyanka Aash
