DoorDash has disclosed a data breach that exposed the personal information of an unspecified number of users, including names, email addresses, phone numbers, and addresses.
Despite the fact that hackers stole phone numbers and addresses, DoorDash said that “no sensitive information was accessed by unauthorized third parties and there is no indication at this time that the data was used for fraud or identity theft.”
DoorDash said in a post that the breach affected its customers, delivery personnel, and merchants. The company did not respond to requests for comment, including questions about exactly how many users were victims of the breach.
The breach began when an employee fell victim to a social engineering attack. Once the company identified the breach, it blocked the hackers' access to its systems, began an investigation, and reported the incident to law enforcement, according to a post published last week.
DoorDash said that no “Social Security numbers, other government-issued identification numbers, driver's license information, or banking or payment card information” were stolen as part of the breach.
The company said it has notified affected users.