American food delivery giant DoorDash has confirmed it was hit by a data breach, after discovering suspicious activity from a third-party vendor’s network.
Per reports, the modus operandi was a sophisticated phishing campaign. Perpetrators leveraged vendor's stolen network credentials to gain access to DoorDash’s internal tools, the company stated.
RELATED RESOURCE
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Following a preliminary investigation, the firm confirmed certain personal information of customers has been exposed. However, DoorDash affirms, as of now, customers’ personal information has not been abused for fraud or identity theft.
Name, email address, delivery address, and phone numbers are among the personally identifiable information disclosed. Basic order information and partial payment card information of select customers were also exposed.
DoorDash confirmed the data breach does not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.
To thwart further activities by perpetrators, DoorDash temporarily disabled the vendor’s access to its system. The firm also concluded the attack is tied to a wider phishing campaign that has targeted several other companies.
“While the incident was the result of a phishing attack targeted at a third party, we took action to further enhance DoorDash’s already robust security systems, as well as our third-party vendor’s security systems,” said DoorDash.
“We have also shared security alerts with other third-party vendors detailing the specific tactics used and reminded employees and third-party vendors to be on alert for any suspicious activity.”
-
AI layoffs could spark a new wave of offshoringNews Analysts expect a wave of rehiring next year in the wake of AI layoffs. That may sound like good news for workers, but it'll probably involve offshoring or outsourcing.
-
Hackers are using these malicious npm packages to target developers Windows, macOS, and Linux systemsNews Security experts have issued a warning to developers after ten malicious npm packages were found to deliver infostealer malware across Windows, Linux, and macOS systems.
