Popular iPhone app and delivery service DoorDash, has confirmed that hackers have stolen personal information, and is informing those affected now.
DoorDash confirmed the intrusion in a support document hidden in the "Manage Your Account" section of its website.
The company says that no sensitive information was accessed. However, it also confirmed that data such as people's home addresses could have been accessed by an unauthorized entity — data that we'd call sensitive.
The full list of customer data potentially accessed by the unspecified third party includes:
- First and last name
- Phone number
- Email address
- Physical address
DoorDash's definition of "sensitive data" is limited to "Social Security numbers or other government-issued identification numbers, driver's license information, [and] bank or payment card information."
As for how the entity gained access to this data, DoorDash says that an employee was targeted by a social engineering scam. It stopped short of explaining what that entailed, however.
The support document goes on to say that it is "committed to protecting your privacy." It's already made "enhancements" to its security systems and implemented new employee training.
Despite trying to play down the impact of this incident, DoorDash has also hired an external firm to investigate it. Law enforcement has also been notified.
Notably, DoorDash's support document doesn't confirm when the intrusion took place.
DoorDash customers who need more information can contact the company's call center for more information. They're advised to refer "B155060" when doing so.
