DoorDash disclosed a data breach that exposed the personal information of an unspecified number of users, which included names, email addresses, phone numbers, and physical addresses.
Despite the fact that hackers stole phone numbers and physical addresses, DoorDash said that “no sensitive information was accessed by the unauthorized third party and we have no indication the data has been misused for fraud or identity theft at this time.”
DoorDash said in the post that the breach impacted a mix of customers, delivery workers, and merchants. The company did not respond to a request for comment, which included a question on exactly how many users were victims of the breach.
The breach originated from an employee falling for a social engineering attack. When the company identified the breach, it shut down the hackers’ access to its systems, started an investigation, and reported the incident to law enforcement, according to a post published last week by the company.
DoorDash said no “Social Security numbers, other government-issued identification numbers, driver’s license information, or bank or payment card information” were stolen as part of the breach.
The company said it has notified impacted users.
