Breaking News
More () »

DoorDash: 'Sophisticated phishing campaign' exposed some customer data

The company said attackers got access to some customers' personal details and partial payment information.
Credit: AP
FILE - The DoorDash app is shown on a smartphone on Feb. 27, 2020, in New York. (AP)

SAN FRANCISCO — Food delivery app company DoorDash said hackers accessed phone numbers, emails and delivery addresses after getting into a third-party vendor's computer system. 

In a Thursday statement, the company said it has "no reason to believe that affected personal information has been misused for fraud or identity theft" from the "sophisticated phishing campaign."

DoorDash didn't share the exact timing of the breach, but told customers it "recently" caught suspicious activity from the unnamed vendor's computer network. It said the vendor's access to its systems was quickly disabled.

RELATED: Uber launches new live-chat safety feature

A spokesman for the company told Bloomberg and TechCrunch that the attack was linked to a phishing breach of messaging company Twilio Inc. earlier in August. 

"The advanced tactics used appear to be connected to a wider phishing campaign that has targeted a number of other companies," DoorDash said in the statement. It said it has contacted law enforcement and affected users over the incident. 

Phishing is when an attacker sends messages to trick people into sharing sensitive information, like passwords.

This is not DoorDash's first data breach; a 2019 attack exposed data from 4.9 million of its users, delivery workers and vendors.

MORE: DoorDash data breach affected 4.9 million consumers, workers and merchants

Who was affected?

DoorDash said a "small percentage" of people whose data is stored on its system were affected. 

For most affected customers, the breached data included name, email address, delivery address and phone number. For a smaller set of customers, it included basic order information and "partial" payment card information, like card type and the last four digits of the card number. 

The company said delivery workers' information was also accessed, mostly including name, phone number and email. 

DoorDash said based on its investigation, the breached data didn't include passwords, full payment card information, bank account numbers or Social Security numbers. 

OTHER NEWS: 'Your DoorDash driver's going to jail' | Texas officer saves date night after arresting delivery driver

Before You Leave, Check This Out