DoorDash data breach leaves some customers’ personal information exposed

Protecting yourself after a data breach
Published: Sep. 1, 2022 at 10:14 PM CDT|Updated: Sep. 2, 2022 at 12:02 AM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

BIRMINGHAM, Ala. (WBRC) - DoorDash was involved in a data breach, leaving an undisclosed number of customers’ personal information exposed.

The online food delivery company reported that a third-party vendor was the target of a phishing scheme. Information such as names, emails, phone numbers, and the last four digits of some credit cards were released.

In an online blog, the company said:

“DoorDash recently detected unusual and suspicious activity from a third-party vendor’s computer network. In response, we swiftly disabled the vendor’s access to our system and contained the incident.

Based on our investigation, we determined the vendor was compromised by a sophisticated phishing attack. The unauthorized party used the stolen credentials of vendor employees to gain access to some of our internal tools.

The advanced tactics used appear to be connected to a wider phishing campaign that has targeted a number of other companies. We understand that law enforcement is aware of this campaign and is actively investigating. We have contacted them to offer our support.”

“Even the most sophisticated company can have a cyber breach and suffer what DoorDash has suffered here,” said Jay Town, the vice president and general counsel for Gray Analytics. He is also a former US Attorney for Northern Alabama.

Town says there are people who will use this personal information for awful purposes on the dark web. He says it could also be used to open up credit cards in your name or even guess passwords.

You can never be too careful.

“It’s always good to have maybe multiple email addresses for different types of commercial activity that we use on our devices so that if people guess one, they’re not guessing all,” he added.

It’s the same for passwords. Town says you should not use the same one for all platforms.

So the breach has already happened. What do you do now?

“Short of going and getting your own food, contact DoorDash and find out if your information has in fact been compromised,” said Town. “Change your passcodes, change your passwords, if you can change your email address or any other PII that you’re using on the application, you should do so.”

He also recommends getting a VPN or virtual private network to better protect your information and your devices.


Subscribe to our WBRC newsletter and receive the latest local news and weather straight to your email.

Copyright 2022 WBRC. All rights reserved.