DoorDash known for food delivery became yet another victim of a sophisticated phishing campaign linked to their third-party vendor. The hacker used this access to breach DoorDash’s internal tools to access data for both consumers and employees. If you have an account with the DoorDash food delivery service, your identity may be left lurking in the wild if you don’t take the necessary precautions.
DoorDash has posted more information about the breach and how they are addressing it on their website.
Exposed information
Credit Card Network & last four digits of the card number
Email addresses
Phone numbers
Names
Physical Addresses
While DoorDash does not mention the name of the third-party vendor, the food delivery company told TechCrunch that the breach is linked to the same threat actors who recently attacked Twilio.
What should you do to protect yourself?
You may want to take the following steps to protect your information and help guard against fraud:
(i) Ignore any suspicious emails, texts, or phone calls – particularly if they appear to be from DoorDash – as they may be bad actors attempting to defraud you.
(ii) Though no passwords were exposed, you may want to update the passwords on your email account and any other accounts where you use your email address to log in.
(iii) Validate with your financial institution to make sure your information is up to date. Add any new information you want to monitor – especially information you think may be vulnerable after this breach to credit monitoring services to scan.
(iv) Place a fraud alert on your credit file and change your credit card number if you want to remain in the clear relating to the exposed last four digits found in your digital wallet that was ever linked to DoorDash.
(v) If you have reasonable evidence as an employee that DoorDash failed to take extra precautions, please report this to relevant authorities and news agencies so that the company can be taken to court!
Last Updated on 09/18/2022 by Emmanuel Motelin
