(WTNH) — DoorDash has announced that it is investigating a security breach that has affected approximately 4.9 million users.
The company said an unauthorized third party accessed some user data on May 4, 2019.
“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform,” the company said.
Affected users include customers and merchants who joined before or on April 5, 2018.
Those people will be reached out to directly by DoorDash.
Information accessed included names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords – a form of rendering the actual password indecipherable to third parties.
The company said the last four digits of a consumer’s credit or debit card or bank account used for payments could have been accessed too.
The driver’s license numbers of 100,000 drivers were accessed as well.
“We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash,” said the company.
Those with questions should contact (855) 646-4683 or visit the company’s website.