A data breach at US-based food delivery company DoorDash has exposed the personal data of some of its customers and drivers.
In a blog post, the firm revealed that this was the result of a ‘sophisticated phishing attack’ by an unauthorised party on a third-party vendor. The company did not name the vendor.
The hackers got access to some internal tools through stolen credentials of the vendor’s employees.
Some of the details that were compromised in the breach included order and partial payment card data, as well as emails, phone numbers and delivery addresses of some customers.
Hackers also got access to the names, phone numbers or email addresses of some of the company’s drivers.
According to the food delivery firm, passwords, bank account numbers, social security or social insurance numbers, and full payment card numbers were not breached.
DoorDash said that it immediately disabled the vendor’s access to its systems after identifying suspicious activity from their computer network.
The vendor offers some services that require limited access to certain internal tools.
In the blog post, DoorDash said: “Importantly, the phishing campaign did not compromise sensitive information and we have no reason to believe that affected personal information has been misused for fraud or identity theft at this time.”
The firm has not revealed the exact numbers of customer and driver information compromised in the breach.
In June, DoorDash concluded the acquisition of Finnish multinational food delivery platform Wolt in an $8.1bn deal.
With operations across 23 countries, Wolt is engaged in the delivery of food from restaurants, as well as other goods from local stores.