Data leak on DoorDash linked to Twilio hackers

Share This Post

According to DoorDash, the attackers gained access to the customers’ names, email addresses, delivery addresses, and phone numbers. Hackers gained limited access to payment card data for a “smaller subset” of users, including the type of card and the last four digits of the card number.

DoorDash said that hostile hackers acquired credentials from staff members of a third-party vendor and then used those credentials to access some of DoorDash’s internal tools in a blog post shared with TechCrunch before it was published at market closing.

Highlights

  • DoorDash claims that “a small percentage” of users were impacted by the event, but it would not disclose the exact number of users it currently has or the precise number of users who were impacted.

  • Hackers gained access to information that “mainly contained name and phone number or email address” for DoorDash delivery drivers, or Dashers. Users of Wolt, an online ordering and delivery service with headquarters in Helsinki that DoorDash bought last year, are unaffected.

According to DoorDash spokesperson Justin Crowley, the unnamed third-party vendor “provides services that require limited access to specific internal tools,” but the vendor hack is connected to the phishing attempt that affected SMS and messaging giant Twilio on August 4. The same hacker group, known as “0ktapus,” is responsible for a larger phishing campaign that researchers have linked to these attacks. Since March, “0ktapus” has stolen nearly 10,000 employee credentials from at least 130 companies, including Twilio, Signal, internet companies, and outsourced customer service providers.

After noticing “strange and suspicious” activities, the corporation claimed it turned off the third-party vendor’s access to its systems.

DoorDash declined to disclose when it became aware that it had been compromised, but a company representative stated that before announcing the data breach, the firm took the time to “completely analyse what happened, whose consumers were impacted and how they were impacted.”

Since learning about the breach, DoorDash says it has recruited an unnamed cybersecurity professional to assist with its continuing investigation and is taking steps to “further fortify DoorDash’s already formidable security mechanisms.”

Hackers have previously taken data about customers from DoorDash’s networks. A data breach impacting 4.9 million consumers, delivery personnel, and merchants was disclosed by the corporation in 2019 as a result of hackers stealing their personal data. Additionally, it attributed the intrusion to an unidentified outside service provider.

Read More:

Partnership Between Mitsubishi Electric and Nozomi Networks Strengthens Operational Technology Security Business

Mitsubishi Electric and Nozomi Networks Partnership Mitsubishi Electric and Nozomi...

Solidion Technology Inc. Completes $3.85 Million Private Placement Transaction

**Summary:** 1. Solidion TechnologyInc. has announced a private placement deal...

Analyzing the Effects of the EU’s AI Act on Tech Companies in the UK

Breaking Down the Impact of the EU’s AI Act...

Tech in Agriculture: Roundtable Discusses Innovations on the Ranch

Summary of Tech on the Ranch Roundtable Discussion: ...

Are SMEs Prioritizing Tech Investments Over Security Measures?

SMEs Dive Into Tech Investments, But Are...

Spotify Introduces Music Videos for Premium Members in Chosen Markets

3 Summaries of Spotify Unveils Music Videos for Premium...

Shearwater to Monitor Production at Equinor’s Two Oil Platforms

Shearwater GeoServices secures 4D monitoring projects from Equinor for...

Regaining Europe’s Competitive Edge in Innovation: Addressing the Innovation Lag

Europe’s Innovation Lag: How Can We Regain Our Competitive...

Related Posts

Government Warns of AI-Generated Content: Learn More about the Issue

Government issued an advisory on AI-generated content. All AI-generated content...

Africa Faces Internet Crisis: Extensive Outage Expected to Last for Months, Hardest-Hit Nations Identified

Africa’s Internet Crisis: Massive Outage Could Last Months, These...

FTC Investigates Reddit for AI Content Licensing Practices

FTC is investigating Reddit's plans...

Journalists Criticize AI Hype in Media

Summary Journalists are contributing to the hype and...