DoorDash, a food delivery company, has confirmed a data hack.
DoorDash said that malicious hackers stole credentials from employees of a third-party vendor that were used to gain access to some of the company's internal tools.
The attackers were able to access names, email addresses, delivery addresses and phone numbers of DoorDash customers. Payment card information, including card type and the last four digits of the card number, was accessed by hackers for a small group of users.
The data that was accessed for DoorDash delivery drivers was mostly name and phone number. The users of Wolt are unaffected by the acquisition by DoorDash.
DoorDash won't say how many users it has or how many users were affected by the incident.
Third-party vendor access to the company's systems was cut off after discovering "unusual and suspicious" activity.
DoorDash did not name the third-party vendor, which provides services that require limited access to some internal tools, but confirmed to TechCrunch that the vendor breach is linked to the scam that took place on August 4 The same hacking group, dubbed "0ktapus," has stolen close to 10,000 employee credentials from at least 130 organizations since March, according to researchers.
The company took time to fully investigate what happened, which users were impacted and how they were impacted before revealing the data breach.
The company hired a cybersecurity expert to help with its ongoing investigation and is taking action to further enhance its security systems.
This isn't the first time that DoorDash's systems have been hacked. More than 4 million customers, delivery workers and merchants were affected by the data breach. The third-party service provider was blamed for the incident.
You can read more.
The archives are from the past.
All Rights Reserved © 2024
