Advertisement

Food delivery app DoorDash reports data breach affecting 4.9M users

DoorDash says an unauthorized third party has potentially accessed the information of 4.9 million customers, drivers and merchants.
DoorDash says an unauthorized third party has potentially accessed the information of 4.9 million customers, drivers and merchants. Getty Images

Food delivery app DoorDash says it is enhancing security after being hit by a data breach earlier this year that potentially affects 4.9 million consumers, couriers and merchants in Canada and the U.S.

In a blog post on Thursday, the company said customer data that was accessible may include names, order history, email addresses, phone numbers and “hashed, salted passwords” that would be indecipherable to anyone viewing them.

READ MORE: DoorDash coming to Manitoba, restaurant association calls it ‘viable alternative’ to SkipTheDishes

The last four digits of some customer payment cards and driver and merchant bank accounts were also potentially viewed, though the company said such financial information is not enough to make fraudulent purchases or withdrawals.

The driver’s licence numbers of about 100,000 of the app’s couriers were also affected.

The breach only impacts those who joined the platform on or before April 5, 2018, the post said.

Story continues below advertisement

DoorDash said an investigation was launched earlier this month after the company became aware of unusual activity involving a third-party service provider.

DoorDash did not specify who that provider was or what service was provided.

WATCH: How you can protect yourself from digital fraud

How you can protect yourself from digital fraud
How you can protect yourself from digital fraud

It was later determined that the third party accessed some user data on May 4, the company said.

“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users.”

READ MORE: Winnipeg-based delivery company Skip the Dishes backing out of U.S. market

The app, similar to Uber Eats, Foodora and Skip the Dishes, allows customers to pay for meals from a list of participating restaurants and have them delivered.

DoorDash offers the service in 78 Canadian cities, including major centres such as Toronto, Montreal and Vancouver, and says it is on track to expand to 100 cities by the end of the year.

WATCH: How to better protect yourself from data hacking

How to better protect yourself from data hacking
How to better protect yourself from data hacking

The company declined to say how many Canadian users were affected, citing security concerns.

Story continues below advertisement

“We have directly notified those individuals who are involved,” a spokesperson said via email.

READ MORE: Hearing on Foodora union gets underway at labour board in Toronto

DoorDash is telling users to change their passwords, though it says there’s no evidence they were compromised.

“We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems and bringing in outside expertise to increase our ability to identify and repel threats.”