Data breach seems to be a trend this month. Doordash, a food delivery company, confirmed data breach this afternoon in which over 4 million people which includes employees, customers, and merchant’s data have been reported stolen. Apparently it happened over 5 months ago and the company came out with this news today. According to TechCrunch – “The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.
It’s not clear why it took almost five months for DoorDash to detect the breach.
DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.
Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.
The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.”
More than 100,000 driver licenses have been stolen as well. What boggles me is that the company failed to take proper steps after their customers had complained about their accounts getting hacked.
Source Link: https://techcrunch.com/2019/09/26/doordash-data-breach/
Jaimin, I came across this news today as well. According to their official blog post, which can be found here: https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e
It appears they “became aware of unusual activity involving a third-party service provider.” Some of the delays might be caused by the 3rd party service provider(s). This is another example of what outsourcing can do to a business.
I am personally opposed any form of outsourcing, you can have the best contract agreement, and have your legal team review, put in all the controls and audit the service provider. But ultimately, it’s the service provider who has your valuable business data in hand. It’s difficult to keep the provider accountable at all times. It will only take one time, for your service provider to make a mistake at your company’s expense.