Doordash is the latest of the “services you probably use, or at least have an account with” companies to suffer a large data breach. And while your passwords likely haven’t been compromised, it’s possible that your physical address is floating around in the Internet somewhere, among other identifying information.
As Doordash wrote yesterday, an unknown individual accessed data they shouldn’t have on May 4. Among the information that was compromised included:
“Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties.”
Approximately 4.9 million Doordash customers were affected by the breach, but only those who joined the site prior to April 5, 2018. If you signed up for Doordash after that, you’re in the clear.
However, the leaked information doesn’t stop with emails, phone numbers, and names—to name a few. For a subset of those affected, the attacker was able to access the last four digits of their stored credit card, their bank account number, or their drivers’ license numbers.
Doordash is currently reaching out to those whose data might have been compromised; if you haven’t received an email yet, you might be in the clear, but it’s also taking the company a bit of time to send these, so it’s OK to be slightly anxious.