Skip to Content
Security & privacy

Hackers expose 5 million records from food delivery service – check your account

Online food delivery services are increasingly growing in popularity. A meal may cost a little more, but the services are convenient and save precious time.

However, as with any online business they require you to input personal and financial data. So it’s no surprise that hackers are now going after food delivery services.

One of the most popular food delivery services is the latest company to suffer a data breach. We’ll tell you which company has been hit, who is affected and what advice the business has for customers.

Millions affected in massive breach

DoorDash is the latest company to be hit with a data breach. About 5 million people were affected and not all of them are customers.

The breach also exposed information on businesses that work with DoorDash and even its drivers. In a statement, DoorDash stated that the breach exposed information on merchants, drivers and customers who joined the platform on or before April 5, 2018. Users who joined after that date are supposedly not affected.

In a statement, the company said it detected unusual activity earlier this month and launched an investigation. DoorDash was able to determine that an unauthorized third party accessed some of the company’s user data on May 4, 2019.

The company said it has taken steps to increase security. It added additional protective security layers around the data, improved security protocols and brought in outside expertise to enhance DoorDash’s ability to identify and repel threats.

This isn’t the first time DoorDash has had problems with data exposure and hacking. Last year some customers were reporting that their accounts had been hacked.

Was your data exposed?

DoorDash detailed what kind of data was taken, emphasizing that any financial information exposed was not enough to allow hackers to gain access to bank accounts or credit cards. The data exposed includes:

  • Names, email addresses, delivery addresses, order history, phone numbers, as well as hashed and salted passwords which make actual passwords indecipherable to third parties.
  • For some consumers, the last four digits of payment cards.
  • For some drivers and merchants, the last four digits of their bank account number.
  • Driver’s license numbers of approximately 100,000 DoorDash drivers were accessed.

There’s no word on whether any of the data is being sold on the Dark Web.

What you should do now

Although DoorDash says it believes user passwords were not compromised it is encouraging those affected by the breach to reset their passwords.

There have been many serious data breaches this year. In fact, 2019 is on track to exceed data breaches and leaks that took place in 2018. Earlier this month, almost 200 million car buyers’ data was exposed due to an unprotected database.


Related: Protecting your bank account in the wake of data breaches


Here are steps you should take whenever a major data breach like this occurs:

  • Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check your online accounts – Have I Been Pwned is an easy to use website with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Get a credit freeze – If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.
  • Use different passwords – It is always a bad idea to use the same password for a variety of websites. If you use the same password on multiple sites, and one site is breached, it puts your accounts on other sites at a greater risk.

As the number of hacks and data leaks increase, will continue to provide you with information on the latest incidents. Don’t miss the news you need to know! Tap or click here to sign up for Kim’s Fraud & Security Alerts newsletter, and be the first to learn about product recalls, data breaches and breaking tech news

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me