"DoorDash Data Compromised Following Twilio Hack"

Food delivery company DoorDash recently revealed that customer and employee data has been exposed due to a recent breach at a third-party vendor.  DoorDash said hackers abused a third-party vendor's access to its systems.  The attacker abused DoorDash's internal tools and gained access to the information of "a small percentage of individuals."  In the case of consumers, the compromised information includes names, email addresses, delivery addresses, and phone numbers.  In some cases, partial payment card information (card type and last four digits of card number) and basic order information were also exposed.  In the case of Dashers, the attacker accessed their names, phone numbers, and email addresses.  DoorDash noted that based on their investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.  The company added that it has "no reason to believe that affected personal information has been misused for fraud or identity theft."  While the food delivery platform's public security notice does not name the affected third-party vendor, the company has told the media that it's Twilio.

SecurityWeek reports: "DoorDash Data Compromised Following Twilio Hack"