DoorDash, a delivery and takeout company, has acknowledged that a phishing assault allowed some of its customers' data to be obtained.
The business said in a blog post that it was the most recent entity to be impacted by the ripple effects of a hack that targeted Twilio earlier this month.
According to DoorDash, when the unidentified attackers gained access to Twilio's endpoints(opens in new tab), they obtained login information that some Twilio staff members used to access some DoorDash tools. The attackers went on to access the sensitive data it was holding using those credentials.
Secure passwords and payment information
Apart from stating that "a small percentage" of customers may have been impacted, the corporation did not disclose the precise number of consumers affected by the hack, although it did reveal what data was accessed.
According to the site, "For consumers, the information accessible mostly consisted of name, email address, delivery address, and phone number." "For a smaller group of customers, the last four digits of the card number and other basic order information (such as the card type) were also accessible. Name, phone number, and/or email address were the main pieces of information that the unauthorised person accessed about Dashers.
The company confirmed that passwords, full payment card details, bank account information, Social Security numbers, and Social Insurance numbers were not accessed. It also said that it had not discovered any indications that the leaked data had been utilised for identity theft or fraud.
DoorDash temporarily restricted Twilio's access to its systems in order to address the problem. Without going into specifics, it also claimed to have "further strengthened" both its own security systems and the security systems of its third-party vendors.
Along with reminding staff and third-party vendors to be on the lookout for any unusual activity, we also distributed security advisories to other third-party vendors outlining the precise strategies utilised.
As part of the ongoing investigation, the business also hired a cybersecurity company, informed its users, and got in touch with police enforcement.
Right now, these are the top identity management tools (opens in new tab).
