
The food-delivery platform DoorDash revealed on Thursday that 4.9 million of its users, vendors and delivery workers were exposed in a data breach to an “unauthorized third party.”
The company said in a blog post on Thursday that the exposed information included sensitive financial data like partial credit card and bank account numbers but not enough to make fraudulent purchases.
DoorDash said that the exposed information could include names, order history, email addresses, delivery addresses and phone numbers.
“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform,” the blog post reads. “We are reaching out directly to affected users.”
DoorDash said that no user passwords had been compromised but encouraged users to change their passwords if they had any concerns about their security.