Hackers may have stolen you DoorDash order history.
On Thursday, gig economy company DoorDash announced that hackers had stolen data on 4.9 million consumers, merchants, and “Dashers” who deliver food for the app.
In a Medium post, the company explained that the information stolen includes names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords. In some cases, the last four digits of consumers’ payment cards and bank account numbers were also stolen, and the hackers also made off with the driver’s license numbers of around 100,000 Dashers.
“We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash,” DoorDash’s announcement post read.
The breach centers around a third-party service provider, and the notifications sent to victims are being sent out over the coming days, the announcement adds. The breach impacted users who joined before April 5, 2018.
“We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats,” DoorDash’s post added.
Correction: This article originally said the DoorDash breach impacted users who joined the app after April 5, 2018. The breach impacted users who joined the app before April 5, 2018. Motherboard regrets the error.