DoorDash Data Breach: What to Know

Your order is here

On Sept. 26, DoorDash announced a data breach that affected nearly 5 million of its customers, restaurant owners and delivery workers, potentially exposing their personal information to hackers.

The food delivery and pickup company investigated the breach that occurred on May 4, when it says an unauthorized third party was able to access the information of users who joined before April 6, 2018. DoorDash says it immediately locked out the third party and took steps to ramp up its data security.

What Information Was Compromised?

Various types of personal and financial information was taken from DoorDash, including:

  • Names, email addresses, delivery addresses, order histories and phone numbers from users' profiles. Profile passwords were also taken, but were "hashed and salted"—protective measures that scramble information in a way that makes it nearly impossible to read.
  • The last four digits of some customers' credit or debit cards. DoorDash says the full card numbers and card verification values (the three- or four-digit codes on the front or back of cards) weren't taken.
  • The last four digits of some delivery workers' and merchants' bank accounts.
  • Driver's license numbers of about 100,000 delivery people.

According to DoorDash, the debit, credit and bank account numbers taken won't give hackers enough information to use cards or access bank accounts.

What Can You Do if You Were Affected?

DoorDash says it is working to contact those affected to let them know what information was taken. It has also created a 24/7 support line that you can reach by calling 855-646-4683.

Even if you haven't been contacted, if you think your account or information could have been compromised, you should change your DoorDash password. If you used that password for any other accounts, you might want to change those accounts' passwords as well.

If you've worked as a delivery person for DoorDash and believe your driver's license number was stolen, you should report the theft to your local police department and your state's Department of Motor Vehicles or transportation agency.

Protect Yourself From Future Data Breaches

Whether or not the DoorDash breach compromised your information, large data breaches can happen at any time. Here are four proactive steps you can take to help keep your personal information safe and make recovering from a breach as simple as possible.

1. Secure Your Online Accounts

Create long, unique passwords for each of your online accounts as a basic step to keep your accounts secure. It's especially important to have strong, unique passwords for accounts that have your personal or financial information. Read Experian's guide to creating secure passwords to learn more, and consider using a password manager to help you create and remember all the passwords.

When possible, enable two-factor authentication to help prevent others from logging in to your account even if they're able to figure out your username and password.

2. Use Caution Before Sharing Your Personal Information

Fraudsters sometimes use stolen personal information to try to gather even more personal information.

For example, someone could use your name, email address and the last four digits of your bank account number to create an official-looking email asking you to reset your bank password. When you click on the link, you'll be directed to a page that looks similar to the bank's website, but was created to collect personal information.

These types of phishing scams can come via emails, texts or even phone calls. You should always be cautious about sharing personal or account information. It's best not to open links or attachments unless you recognize the sender. If someone calls you claiming to be from the police, a government agency or financial institution, you can hang up, look up the organization's number and call back to ensure you're speaking with an actual representative.

3. Freeze Your Credit Reports

Freezing your credit reports can keep fraudsters from opening accounts in your name even if they're able to steal your personal information. Creditors generally won't be able to access your credit reports—often a first step in opening a new account—unless you unfreeze (or "thaw") your report first.

Experian offers free credit freezes and thaws, which you can manage online with the Experian Security Freeze Center. You also can add a free fraud alert to your credit report. When there's a fraud alert present, creditors will contact you to verify your identity when using your credit report to open a new account.

4. Sign Up for Identity Theft Monitoring

Companies affected by a data breach sometimes offer credit monitoring to customers who were impacted. There are also many free options for credit monitoring, such as getting a free credit report every 30 days from Experian upon creating an account. If you're looking for an extra layer of protection, consider a more all-encompassing identity theft monitoring and resolution service, such as Experian's IdentityWorks℠. A subscription includes:

  • Credit report monitoring of all three major credit bureaus (Experian, TransUnion and Equifax).
  • FICO® Scores based on your credit reports from all three major credit bureaus.
  • Experian CreditLock, which lets you instantly lock and unlock your credit file.
  • Dark web monitoring with alerts if your personal information is found on the dark web.
  • A fraud resolution support team that can help you resolve problems if your identity is stolen.
  • Up to $1 million in identity theft insurance, which can help cover the cost of restoring your identity and pay for unreimbursed expenses, such as lost wages or legal fees.

As data breaches continue to occur at an alarming rate, it's important to take proactive steps now to keep your information as safe as possible. And if you find you've been a victim of identity theft due to a data breach, act quickly to protect your personal information.

For more information on the DoorDash data breach, read the full statement from DoorDash.