DoorDash Data Breach - Third-Party Vendor Blamed Over Phishing Attack

On Thursday, food delivery giant DoorDash disclosed that customer and employee data was exposed after a third-party vendor became the target of a data breach.

The company shared in a blog post that malicious hackers managed to steal the third-party vendor's employee credentials and used them to access some internal tools of DoorDash.

The vendor, according to DoorDash, provides services requiring limited access to some of the company's internal tools.

What Data was Exposed?

According to DoorDash, the attackers stole the email addresses, names, phone numbers, and delivery addresses of DoorDash customers. Payment card details of a small subset of its customers were accessed as well, which include the card type and the last four digits of the card number.

It must be noted that users of Wolt, another online ordering/delivery company acquired by DoorDash in 2021, weren't impacted by this breach.

“Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.”


DoorDash also noted that there was no evidence that the exposed personal data was misused in identity theft or fraud.

Source of the Breach?

In its public security notice, DoorDash did not name the impacted third-party vendor that became a data breach victim. The company noted that the attack on the third-party vendor was linked to the recent phishing attack against Twilio.

However, it later clarified that Twilio was not the impacted third-party vendor. For your information, on 4 August, Twilio was targeted in a large-scale phishing attack by the hacking group 0ktapus.

The hackers used SMS-based messages to lure employees and redirect them to phishing sites where they were instructed to enter credentials.

Hackers Compromise Employee Accounts to Access Twilio Internal Systems
Text messages sent by hackers to Twilio’s former and current employees – Screengrab: Twilio

DoorDash’s spokesperson Justin Crowley did not disclose the number of customers potentially impacted by this data breach. Crowley stated that they immediately cut off the link with the third-party vendor after discovering suspicious activity.

Furthermore, according to Crowley, DoorDash took some time to “fully investigate” the incident and determine how and who was impacted before publicly disclosing the breach. They have also hired cybersecurity experts to investigate further and improve its security system. The company has contacted law enforcement, too, to help them hold the perpetrators accountable.
