"We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform," the blog reads. "We are reaching out directly to affected users."
The information stolen included:
- Email addresses
- Delivery addresses
- Order history
- Phone numbers
- Hashed, salted passwords (which is a form of rendering the actual password indecipherable to third parties)
Drivers also had their license information stolen.
DoorDash said some of their customers had the last four digits of their payment cards stolen as well as, possibly, the last four digits of their bank account information. However, the company assures customers the full account information was not stolen.
Reportedly, customers who joined the delivery service after April 5 were not affected.
DoorDash claims they did not become aware of the breach until earlier in September.