Major DoorDash Data Breach

Major DoorDash Data Breach


The food delivery giant DoorDash confirmed on Thursday that nearly 5 million customers have been left exposed due to a massive data breach. The hack seems to be an all-encompassing one as customers, delivery workers, and merchants were all left vulnerable with their data being stolen.

Despite the fact that it is now nearly October, this breach occurred in May earlier this year – meaning that it took the company 5 months to detect and confirm this breach. There is no doubt that DoorDash will receive severe backlash for this as customers have continued using this platform without any knowledge that they have been exposed.

Mattie Magdovitz, the spokesperson for the company, asserted blame onto a third-party service provider and stated that “we immediately launched an investigation and outside security experts were engaged to assess what occurred.”

However, there was no comment on why it took nearly half a year to even acknowledge this data breach.

According to DoorDash, sensitive information involving credit card numbers and bank account numbers was stolen. The company, though, is adamant that the information that was stolen was not sufficient to make fraudulent charges or withdrawals.

Furthermore, profile data such as username and passwords – as well as addresses, phone numbers, and email addresses were stolen. Even more worrying perhaps that over 100,000 delivery workers had their license numbers hacked.

This is by all accounts a major data breach and the aftermath could be incredibly worrying for the company itself.

Previously, we have spoken about the data breaches that have hit Canva, Desjardins, and Capital One. In all of these cases, lawsuits have followed seeking damages worth hundreds of millions of dollars. At the current moment, there is no indication that this time will be any different – especially considering the lack of urgency DoorDash has shown in acknowledging this breach.

The company states that users who joined after April of 2018 are safe and that their data has not been exposed; however, the nearly 5 million users who joined before that date did not get as lucky.

What’s even more worrying is that exactly a year ago – in September of 2018 – users on DoorDash complained of a data breach. These customers stated that their accounts were improperly handled and that fraudulent charges were appearing on their cards.

DoorDash, though, failed to address these allegations – offering no response to those who were affected. Instead, a spokesperson for the company stated in an email to TechCrunch that “based on the information available to us, including internal investigations, we have determined that the fraudulent activity reported by consumers resulted from credential stuffing.”

This claim was widely rejected by its customer-base with one victim stating “simply makes no sense that so many people randomly had their accounts infiltrated for so much money at the same time.”

There is no doubt now that, in light of this recent confirmed data breach, many will look back to a year ago and question the findings of the company.

It should be noted, though, that data breaches are increasingly common nowadays. Companies like DoorDash, Canva, Desjardins, and Capital One will get all the news coverage because of their size but the reality is that smaller-to-medium sized businesses are more at-risk of an attack of this nature.

Make sure your business is protected in the event of a cyber-attack. In today’s technological climate, it is not a question of if there will be an attack but rather when one will affect you. Cyber crime is an inevitability.

Contact one of our licensed experts today at This email address is being protected from spambots. You need JavaScript enabled to view it. or call us at 905-696-9090. We can help you stay protected.



Costs for Employer-Provided Medical Benefits to Ri...
RISK Management, Insurance Directors & Officers Li...