Along with GrubHub, DoorDash is one of the most popular food delivery apps. Now, the popular delivery service has just suffered a security breach. Hackers may have access to a record of that time you ordered a cheeseburger at 2 AM.
According to a notice published by DoorDash, some app users were victims of a breach where an unauthorized party gained access to internal tools by using stolen credentials from vendor employees. The attackers gained access to the name, email address, delivery address, and phone number for some people.
For a smaller subset of users, the attackers also gained limited payment information, such as card type and the last four digits of credit cards. The information compromised doesn't include full card numbers, bank account numbers, or Social Security numbers, so you shouldn't have money mysteriously disappearing from your account because of this breach.
If you were affected, DoorDash should be getting in touch with you soon to notify you of the breach, and to what extent you were affected. Likewise, it's also working on strengthening its security (even though this was the result of a phishing attack) and assisting law enforcement.
This is the latest in a long line of recent security breaches. Recently, both Plex and LastPass fell victim to breaches of their own as well. It doesn't look like any sensitive information from you was exposed during the attack, though, so for now, you don't need to do anything.
Source: DoorDash