Online food delivery services are increasingly growing in popularity. A meal may cost a little more, but the services are convenient and save precious time.
However, as with any online business they require you to input personal and financial data. So it's no surprise that hackers are now going after food delivery services.
One of the most popular food delivery services is the latest company to suffer a data breach. We'll tell you which company has been hit, who is affected and what advice the business has for customers.
Millions affected in massive breach
DoorDash is the latest company to be hit with a data breach. About 5 million people were affected and not all of them are customers.
The breach also exposed information on businesses that work with DoorDash and even its drivers. In a statement, DoorDash stated that the breach exposed information on merchants, drivers and customers who joined the platform on or before April 5, 2018. Users who joined after that date are supposedly not affected.
In a statement, the company said it detected unusual activity earlier this month and launched an investigation. DoorDash was able to determine that an unauthorized third party accessed some of the company's user data on May 4, 2019.
The company said it has taken steps to increase security. It added additional protective security layers around the data, improved security protocols and brought in outside expertise to enhance DoorDash's ability to identify and repel threats.
This isn't the first time DoorDash has had problems with data exposure and hacking. Last year some customers were reporting that their accounts had been hacked.
Was your data exposed?
DoorDash detailed what kind of data was taken, emphasizing that any financial information exposed was not enough to allow hackers to gain access to bank accounts or credit cards. The data exposed includes:
- Names, email addresses, delivery addresses, order history, phone numbers, as well as hashed and salted passwords which make actual passwords indecipherable to third parties.
- For some consumers, the last four digits of payment cards.
- For some drivers and merchants, the last four digits of their bank account number.
- Driver’s license numbers of approximately 100,000 DoorDash drivers were accessed.
There's no word on whether any of the data is being sold on the Dark Web.
What you should do now
Although DoorDash says it believes user passwords were not compromised it is encouraging those affected by the breach to reset their passwords.
There have been many serious data breaches this year. In fact, 2019 is on track to exceed data breaches and leaks that took place in 2018. Earlier this month, almost 200 million car buyers' data was exposed due to an unprotected database.
Here are steps you should take whenever a major data breach like this occurs:
- Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check your online accounts - Have I Been Pwned is an easy to use website with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Get a credit freeze - If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.
- Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.
- Use different passwords - It is always a bad idea to use the same password for a variety of websites. If you use the same password on multiple sites, and one site is breached, it puts your accounts on other sites at a greater risk.
As the number of hacks and data leaks increase, Komando.com will continue to provide you with information on the latest incidents. Don't miss the news you need to know! Tap or click here to sign up for Kim's Fraud & Security Alerts newsletter, and be the first to learn about product recalls, data breaches and breaking tech news
Here's how to claim your $100 settlement if Yahoo leaked your data
Yahoo! You may be eligible for $100 in compensation as part of a class-action lawsuit against the company. The lawsuit is over a number of serious data breaches at Yahoo that took place over several years affecting users. Yahoo is close to settling the multimillion-dollar lawsuit. In an email announcing the expected settlement, Yahoo said those affected by the breaches also have the option to get free credit monitoring.