DoorDash Confirms Data Breach Affected 4.9 million Customers, Workers and Merchants (Sep 26, 2019)
The food delivery company DoorDash has had a data breach according to TechCrunch. The breach happened on May 4th and it took the company more than five months to detect it. New customers who joined before the 5th of April 2018, have had sensitive information such as email address, home address, phone numbers, order history and the last four digits of their card numbers taken. Salted passwords were also taken. Staff members who were delivery drivers also had their license number taken
Recommendation: The impact of a breach on those affected is largely dependent on what was stolen and how it can be used. Actors can sell sensitive information to other actors in underground forums. One way in which you can mitigate further use of passwords is making sure you use a different password for each account. Breaches can allow actors to gain access to other accounts because users frequently use the same username and password combinations for multiple accounts. If banking information has been stolen, individuals should check their bank statements for any unusual activity that may indicate a compromise and fraudulent charges.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.