The cost of convenience is growing for those who are too lazy to leave the house for takeout. App-driven food delivery service DoorDash admitted in a blog post today that a third-party service accessed the data of more than 4.9 million customers. It affects anyone who joined the platform on or before April 5, 2018.
The data that “could” have been accessed include “names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords.” The last four digits of consumer payment cards and/or bank account numbers may have also been stolen. License numbers for nearly 100,000 “Dashers” (deliverers) might be out there, too.
We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash. You can change your DoorDash password by visiting https://www.doordash.com/accounts/password/reset/ and using the email address associated with your DoorDash account.