TORONTO -- DoorDash has revealed 4.9 million users in Canada and the United States had their data stolen during a hack in May.
In an email to CTVNews.ca, company spokesperson Mattie Magdovitz said the “incident affected users in the U.S. and Canada” but none in Australia. “We have directly notified those individuals who are involved.”
She wouldn’t break down just many affected users were in Canada.
Information that was stolen included order history, phone numbers, email addresses, user names and people’s physical addresses. And the hackers also made off with the driver’s licence information of around 100,000 drivers who deliver food to customers.
In some cases, hackers stole the last four digits of consumer payment cards and the last four digits of their bank account numbers. But DoorDash said the stolen information was “not sufficient” to make fraudulent charges or bank withdrawals.
The data breach affected users who joined the platform before April 5, 2018, Magdovitz wrote by email.
The gig economy company revealed more details in a Medium post on Thursday, which included how not every user was affected.
“We are reaching out directly to affected users with specific information about what was accessed. We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash," the post read.
Magdovitz revealed that company first became aware of “unusual activity” involving a third-party provider earlier this month. After launching an investigation, they determined an unauthorized third party had accessed DoorDash user data on May 4, 2019.
She added, “We have taken a number of additional steps to further secure user data, including additional protective security layers around the data.”
Madvovitz said the company is also offering “offering free identity protection services” to affected drivers.
