Doordash is the latest of the “services you probably use, or at least have an account with” companies to suffer a large data breach. And while your passwords likely haven’t been compromised, it’s possible that your physical address is floating around in the Internet somewhere, among other identifying information.
As Doordash wrote yesterday, an unknown individual accessed data they shouldn’t have on May 4. Among the information that was compromised included:
“Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.”
Approximately 4.9 million Doordash customers were affected by the breach, but only those who joined the site prior to April 5, 2018. If you signed up for Doordash after that, you’re in the clear.
However, the leaked information doesn’t stop with emails, phone numbers, and names—to name a few. For a subset of those affected, the attacker was able to access the last four digits of their stored credit card, their bank account number, or their drivers’ license numbers.
Doordash is currently reaching out to those whose data might have been compromised; if you haven’t received an email yet, you might be in the clear, but it’s also taking the company a bit of time to send these, so it’s OK to be slightly anxious.
As Doordash notes:
“The information accessed is not sufficient to make fraudulent charges on payment cards or fraudulent withdrawals from bank accounts. Regardless, it is a security best practice to always be vigilant and regularly check your payment card and bank accounts for unusual activity. If you see something suspicious, you should promptly report it to your financial institution.”
Nevertheless, the company still recommends you change your Doordash password, at minimum, out of an abundance of caution. I’d second that recommendation, but that’s probably all you have to freak out about right now. Keep a watchful eye on your bank accounts or credit card information, but it’s highly unlikely they will be affected by this breach.
As for your driver’s license number, that’s a bit more frustrating. If Doordash notifies you that your number was leaked as a result of this breach, you might to take a stronger measure—like a credit freeze, suggests Experian—or make a note to request a copy of your driving record from the DMV anywhere from six months to a year from now, just to make sure nobody was using your number to get out of a traffic violation.
(Similarly, it might be worth contacting your DMV and letting them know your number was stolen as part of a data breach; they might be able to make a note about that, or at least offer additional advice on what you could do, if anything.)
