DoorDash Leaks Personal Data Of Users And Drivers

Another week, another high-profile data breach.

This time, DoorDash confirmed on a recent blog post that data on nearly five million of its users had been accessed by an unauthorized (and at this point unknown) third party. According to information released by the company, the breach occurred on May the 4^th, 2019.

The unknown parties accessed information on the company’s drivers, merchants and customers who joined DoorDash on or before April 5^th, 2018.

The data taken by the unknown attackers includes:  names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords.  The only silver lining in that is the last item. It will require significant effort on the part of the hackers to decrypt the passwords and make use of them.  Even so, with so much personal information, including physical addresses, the hackers have more than enough data to steal identities.

Part of the company’s formal statement into the matter reads as follows:

“We deeply regret the frustration and inconvenience that this may cause you.  Every member of the DoorDash community is important to us and we want to assure you that we value your security and privacy.”

While the response isn’t a bad one, and the company didn’t make any major missteps in the immediate aftermath of the breach, it’s all starting to feel very canned at this point.  Most companies say the same thing, and yet, these kinds of events keep happening.

Sooner or later, the platitudes aren’t going to be enough to assuage the very real concerns of consumers who are becoming increasingly fed up with seeing companies they trust lose control of their data.  Once a certain threshold has been reached, there’s bound to be a backlash.  We’re not there, but the frustration and anger are growing, and rightly so.