South San Francisco, CA September 28, 2019
We take the security of our community very seriously. Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized user and to enhance security across our platform.
What information was involved
Based on that investigation, we believe that some of your DoorDash user account information has been accessed.
The type of data that has been accessed could include profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords—a form of rendering the actual password indecipherable to third parties. For some consumers, the last four digits of consumer payment cards were also accessed. However, full credit card information such as full payment card numbers or a CVV was not accessed. This means that the information accessed is not sufficient to make fraudulent charges on your payment card.
What steps we’ve taken
We immediately blocked further access by the unauthorized user. We have also taken a number of additional steps to further secure your data, which include adding additional protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats.
What should you do?
We do not believe that user passwords have been compromised, but out of an abundance of caution, we are encouraging all of those affected to reset their passwords to one that is unique to DoorDash. As a best practice, if you use the same password for multiple accounts, we recommend that you reset your passwords for all those accounts. You can change your DoorDash password by visiting https://www.doordash.com/
We deeply regret the frustration and inconvenience that this may cause you. For further information, please see our blog and FAQ page at blog.doordash.com. We’ve also set up a dedicated call center available 24/7 for support at 855-646-4683.
Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy. We are in the process of reaching out to those affected by this incident, and you may receive multiple communications from us if you are also a DoorDash merchant or Dasher. We know that you trust us to connect you with the best of your community, and we will never take that trust for granted.