The announcement comes with the blogpost, where the company said their systems were breached and about 4.9 million users, (workers and merchants) data were stolen by hackers. According to the security notice, company acknowledge that the breach took place on May 4, but users who have joined after April 5, 2018, were not affected by the hack.
On the hack, hackers stole users name, address, email address, order history, contact details and hashed passwords. Regarding the financial data, the company said hackers also took the last four digits of card information but full card numbers and CVV (card verification values) data are safe. Furthermore, hackers also took driving licence information of more than 100,000 delivery workers.
TechCrunch first reported the breach notification, noted that almost a year ago DoorDash users complained about the unauthorised access to their accounts, but at that time company denied the data breach.
Now company spokesperson blamed the breach on “a third-party service provider,” but the third-party was not named.