DoorDash Inc. said customer data including phone numbers, emails and delivery addresses were compromised by hackers who infiltrated the computer system of a vendor.
(Bloomberg) — DoorDash Inc.
said customer data including phone numbers, emails and delivery addresses were compromised by hackers who infiltrated the computer system of a vendor.
Hackers gained access to some of DoorDash’s internal tools by using a phishing attack on a third-party vendor that exposed employee credentials, the company said Thursday in a blog post.
DoorDash said the vendor’s access to its systems was “swiftly disabled.” It didn’t disclose the name of the vendor.
A DoorDash spokesman said the attack is linked to a Twilio Inc. breach earlier this month that compromised employee and customer information after outsiders duped Twilio employees into handing over their passwords.
Twilio provides business-to-consumer messaging and digital authentication services among its software products.
DoorDash said hackers primarily accessed customer information such as names, emails, delivery addresses and phone numbers.
Basic order information and partial payment card information was compromised for “a smaller set of consumers.” The San Francisco-based company added that “based on our investigation to date,” the breach didn’t include passwords or full credit card, bank account or Social Security numbers.
Names and phone numbers or email addresses for DoorDash’s delivery couriers, or Dashers, were also exposed.
“The advanced tactics used appear to be connected to a wider phishing campaign that has targeted a number of other companies,” DoorDash said in the blog post. “We understand that law enforcement is aware of this campaign and is actively investigating.”
In addition to working with authorities, DoorDash said it retained a “leading cybersecurity firm” to assist with the investigation into the attack.
More stories like this are available on bloomberg.com
©2022 Bloomberg L.P.
