On-demand restaurant meal delivery service DoorDash on Thursday said a breach of its system exposed nearly five million customers, eateries and “Dashers” to a data breach.
The San Francisco-based startup, which competes in North America with Uber Eats and GrubHub, said it noticed unusual activity early this month and discovered DoorDash user data was accessed by “an unauthorized third party” in May.
DoorDash assured users in an online post that it immediately blocked the intruder’s cyber access and enhanced system security.
Data was exposed regarding approximately 4.9 million consumers, merchants and delivery people who joined the restaurant meal delivery platform on or before April 5 of last year, according to DoorDash.
Information included names, phone numbers, and email and delivery addresses, along with passwords scrambled to be indecipherable, DoorDash said.
The last four digits of some customers’ credit cards, as well as the final four digits of merchant and delivery people’s bank accounts, were also exposed in some cases.
“The information accessed is not sufficient to make fraudulent charges on your payment card” or withdrawals from bank accounts, DoorDash said.
Driver’s license numbers for some 100,000 delivery people, referred to as “Dashers,” were also exposed.
DoorDash said it did not believe passwords were compromised, but advised users to change them to be safe.
“We deeply regret the frustration and inconvenience that this may cause you,” DoorDash said.
“Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy.”
DoorDash at the end of last year was the leading US service to use a mobile app to match restaurant take-away orders with people willing to deliver the meals for a price.
DoorDash in August announced it was acquiring crosstown rival Caviar in a deal valued at $410 million.
DoorDash said it made the cash-and-stock deal with Square, the digital payments firm led by Twitter founder Jack Dorsey, which acquired Caviar in 2014.
While both firms offer on-demand delivery from restaurants online and using smartphone apps, they have different geographic “footprints” and restaurant partnerships.
“The addition of Caviar’s premium restaurants, with whom DoorDash will work closely to drive their growth, will enable the combined organization to cater to every food preference and occasion,” a statement from the companies said at the time.
DoorDash, founded in 2013 by Tony Xu and two other Stanford University students, serves some 4,000 cities in the United States and Canada and reaches some 80 percent of US households.
DoorDash was in the news earlier this year over a tipping policy that allowed the company to use consumer tips to make up base pay for its delivery contractors, a policy that was later modified.
