DoorDash disclosed a data breach that exposed the personal information of an unspecified number of users, including names, email addresses, phone numbers, and physical addresses.
Despite the fact that hackers stole phone numbers and physical addresses, DoorDash said that “no sensitive information was accessed by unauthorized third parties and we have no indication of the data being misused for fraud or identity theft at this time.”
DoorDash said in the post that the breach affected a mix of customers, delivery workers and merchants. The company did not respond to a request for comment, including a question about how many users were actually victims of the breach.
The breach arose from an employee falling victim to a social engineering attack. According to a post, when the company identified the breach, it shut down the hackers’ access to its systems, launched an investigation and reported the incident to law enforcement. Published last week by the company.
DoorDash said no “Social Security numbers, other government-issued identification numbers, driver’s license information, or bank or payment card information” were stolen as part of the breach.
The company said it has notified affected users.
