Tech

DoorDash customer data hit in phishing attack

admin

Delivery and takeout firm DoorDash has had some of its customer data accessed as the result of a phishing attack, it has confirmed. 

In a blog post, the company said it was the latest to be affected by the knock-on effects of a cyberattack that hit Twilio earlier this month.

DoorDash said that when the unknown attackers breached Twilio’s endpoints, they stole login credentials that some Twilio employees used to access certain DoorDash tools. Using those credentials, the attackers proceeded to access sensitive data it was holding.

Passwords and payment data safe

The company did not give out the specific number of users affected by the breach asides from saying a “small percentage” of individuals could be impacted, but did confirm what data was accessed.

“For consumers, the information accessed primarily included name, email address, delivery address, and phone number,” the blog reads. “For a smaller set of consumers, basic order information and partial payment card information (i.e., the card type and last four digits of the card number) was also accessed. For Dashers, the information accessed by the unauthorized party primarily included name and phone number or email address.” 

Passwords, full payment card numbers, bank account numbers, Social Security numbers, and Social Insurance numbers, were not accessed, the company confirmed, also adding that it found no evidence of the compromised data being used for fraud or identity theft.

Read more

> This dangerous fake Chrome extension could be hurting your device without you knowing

> Signal says hundreds of users may have been hit in phishing attack

> Best malware removal today: paid and free services

To mitigate the issue, DoorDash blocked Twilio’s access to its systems for the time being. It also said it “further enhanced” its security systems, as well as its third-party vendor’s security systems, without detailing exactly what was done. 

“We have also shared security alerts with other third-party vendors detailing the specific tactics used and reminded employees and third-party vendors to be on alert for any suspicious activity.”

The company also brought in a cybersecurity firm to assist with the ongoing investigation, notified its users, and contacted law enforcement. 

These are the best identity management tools right now

 

You Might Also Like

The latest Google Pixel 7 leak includes face unlock and eSIM details

Even the Windows logo isn’t safe from malware

Brave is about to solve one of the most frustrating problems with browsing the web

Low-code could replace “traditional” coding within months

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published.

Follow US

Find US on Social Medias
Popular News
- Advertisement -
Ad imageAd image
Global Coronavirus Cases

Confirmed

617.68M

Death

6.55M

More Information:Covid-19 Statistics
Generated by Feedzy
Lost your password?