DoorDash Hack: How to Find Out if Your Data Was Stolen in the Massive Security Breach Affecting 4.9 Million Users

Food delivery service DoorDash confirmed Thursday that the data of roughly 4.9 million customers, delivery workers and restaurants had been accessed in a security breach back in May.

Here's how to find out if you are affected.

Firstly, if you signed up to DoorDash after April 5, 2018, your data is likely safe. Unfortunately for anyone who created an account before that date, a slew of personal information, including your email address, home address and partial card numbers, may now be in the hands of cybercriminals.

In a data breach notification, the company said anyone whose information was accessed in the incident will soon be contacted directly and will then be informed of exactly what type of data was stolen.

That remains the main way that you will find out if you are among the millions of victims.

If you do not want to wait for the company to contact you personally, you can reach out to a new dedicated call center that has been set up for inquiries. It is available 24/7 via 855–646–4683.

The firm said customers, delivery workers and restaurants were affected in the breach, which is being blamed on an "unauthorized third party." The company said it became aware of "unusual activity involving a third-party service provider" earlier this month. Data was accessed on May 4.

DoorDash officials did not elaborate on how its systems were breached.

Profile information was accessed, including names, email addresses, delivery addresses, order history and phone numbers, as well as encrypted passwords. Some customers lost the last four digits of consumer payment cards, while some merchants lost partial bank account numbers. According to DoorDash, the license numbers of roughly 100,000 delivery drivers were also put at risk.

"We take the security of our community very seriously," the company said. For the majority of affected customers, it will now be a waiting game to find out what exactly what data was lost and when. The San Francisco company stressed that only "a portion" of its full user base was affected.

Regardless, that appears to be close to 5 million people.

Despite DoorDash's assurance that it does not believe user passwords were compromised, it is still highly advised to reset your personal account details. You can change your password online.

A spokesperson described the steps DoorDash has taken to increase its security.

"We took immediate steps to block further access by the unauthorized user and to enhance security across our platform," the spokesperson said. "These steps include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats."

Doordash
An insulated DoorDash delivery bag rests in the front seat of a delivery vehicle in Walnut Creek, California, on October 9, 2018. Smith Collection/Gado/Getty