The food delivery service confirmed a data breach exposed the records of 4.9 million, including customers, delivery workers, and merchants. Hackers stole information including: names, email addresses, home addresses, phone numbers, passwords, and partial credit card and bank account numbers.
The passwords exposed the DoorDash data breach were “hashed and salted” -this means there were added safeguards, but before you let out that sigh of relief, these methods aren’t enough. In addition to the other exposed information, about 100,000 delivery workers also had their driver’s license numbers hacked.
This breach comes the same week that Dunkin Donuts is sued by New York for failing to disclose a cyber-attack that exposed thousands. Unfortunately, news like this is the new norm. The number of data breaches is skyrocketing, with data breaches in 2019 already doubling those of 2018. It can be hard to keep up. But what can consumers do, especially when some services, like DoorDash, need sensitive information like your home address?
Those affected by the DoorDash data breach are users who joined the site on or before April 5, 2018. DoorDash will be informing the users affected by this data breach. But if you might have been affected, here are some steps you should take now:
1. Change your passwords.
While the passwords exposed in this breach were stored with safeguards, it’s still a good idea to go ahead and change them as part of good password hygiene. This is a good time to reflect on your passwords and ensure you’re not using the same one across multiple platforms.
2. Monitor your credit.
There are services, both paid and free, that can periodically review your credit for potential fraud.
3. Freeze your credit
Particularly if you may have been a one of the drivers whose information was leaked, you should consider freezing your credit. This prevents any new credit accounts being opened in your name.
4. Remain alert
A tactic scammers like to use following a data breach includes posing as a representative, either from the company or the government, to gather more sensitive information from consumers. Be wary of emails and phone calls that can be scammers posing to take advantage of the recent events.
DoorDash blames a third party provider for this breach, but as consumers, we deserve better. Managing the cybersecurity of third parties is a responsibility every business has. Businesses should properly evaluate their third parties and any vendors with access to sensitive information. Proper evaluation can include assessments and audits, ongoing monitoring, and establishing a data directive.
To receive tips on security and keep up with the latest in the cybersecurity world, sign up for our newsletter.