How the hackers lair could look
FOOD DELIVERY GIANT DoorDash has become the latest victim of the hackers’ glare, revealing that up to five million US customer records have been breached.
For Blighty readers, this would be a bit like if Just-Eat was clobbered, but having said that, we must emphasise that this hasn’t happened. Your Just Eat credentials are, as far as we know, fine.
Anyway, back to DoorDash and the company revealed on Thursday that a third party got access to the DoorDash’s systems. The five million records aren’t the entire database, and if you joined after 5th April 2018 then you’re golden.
It’s a fairly spectacular breach in terms of what was taken; names, email addresses, delivery addresses, what you’ve ordered, phone numbers and hashed (encrypted) passwords is just the beginning.
In some cases, the last four digits of bank accounts and credit cards was taken too, but DoorDash is keen to point out that no CVC or expiry dates were accessed, so there’s not enough there for the hackers to take any money.
Finally, a small (well, 100,000) number of users had their driving licence numbers swiped too.
If you’re affected, you’ll be hearing from DoorDash. If you don’t, you’ve nothing to worry about – no passwords were accessed, but an abundance of caution is being recommended.
DoorDash adds: “We have taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.”
If you’re still concerned, US users can call the 24/7 helpline on 855-646-4683. It’s a great way to learn about life in Bangalore.
The usual INQ advice applies here to anyone with a DoorDash account. Change your password. Right now. If you’ve used the same password on other sites, change ALL your passwords and make them all different, or use a password manager. And don’t do it again. µ