DoorDash Inc. on Thursday reported a knowledge breach affecting its clients and supply staff that stems from a phishing assault on a third-party vendor.
The app-based supply platform mentioned the knowledge accessed included buyer names, e mail addresses, supply addresses and cellphone numbers, in addition to order info and partial payment-card info. Names, cellphone numbers or e mail addresses of DoorDash
staff had been additionally compromised, in response to an organization weblog publish.
DoorDash mentioned in its weblog publish that the quantity affected represented “a small proportion” of people whose info it holds. When reached Thursday, an organization spokesman wouldn’t give a extra particular quantity.
DoorDash additionally mentioned in its weblog publish that in response to its investigation of this newest breach, it doesn’t seem that passwords, full payment-card numbers, checking account numbers, or Social Safety or Social Insurance coverage numbers had been accessed. The corporate spokesman mentioned that due to that, and the truth that the corporate doesn’t consider any affected private info has been misused for fraud or identification theft to this point, DoorDash is notifying customers solely the place required.
DoorDash mentioned it investigated the breach and decided that “the unauthorized celebration used the stolen credentials of vendor staff to realize entry to a few of our inner instruments.” The corporate spokesman confirmed that it’s associated to an even bigger assault that has affected Twilio Inc.
and various different corporations, although it didn’t determine the third-party vendor.
Twilio, an organization that facilitates communications between clients and corporations, disclosed a phishing assault earlier this month. On Wednesday, Twilio mentioned in a weblog publish that greater than 160 of its buyer corporations had their knowledge accessed, and that it has notified all of them. Among the many different corporations affected embody content material supply community Cloudflare Inc.
and messaging app Sign, in response to TechCrunch, which additionally reported that the broader assault compromised the credentials of just about 10,000 staff throughout the affected corporations.
In 2019, DoorDash disclosed a knowledge breach affecting 4.9 million folks, which it additionally attributed to a 3rd celebration.
DoorDash has arrange a cellphone quantity for U.S. and Canadian shoppers and drivers to name if they need extra info: (833) 559-0221, which is on the market Monday to Friday from 6 a.m. to eight p.m. Pacific time, and weekends from eight a.m. to five p.m. Pacific.