DoorDash Breach (4.9 Million Customers Affected)

At the end of September, DoorDash confirmed a data breach that affected 4.9 million customers, workers and merchants. DoorDash is a popular food delivery company, and its data was stolen by a group of hackers. The company also said that customers who joined after 5 April 2018 were not affected. The breach is known to have happened on May 4, and it took 5 months to be detected. User details such as names, email addresses, delivery addresses, passwords (hashed and salted), order history and the last 4 digits of the card were stolen. Around 100,000 delivery workers had their driver's license details stolen.

What Can You Learn?

The above attack used various loopholes at various stages, and we can draw a few mitigation steps from it.

  • Encryption: all sensitive data must always be encrypted, which ensures that if the data is stolen it is of no use to the thief. Despite this being common practice, cases like the Facebook database breach show that plain text is often stored.
  • Third Party Security: measures to make sure any vulnerability at a third party doesn't affect one's own customers.
  • PII: regulations within the company for careful distribution of PII. Collection of PII is restricted to when it is absolutely necessary.
  • Third Party Risk Assessment: modern tools enable one to understand the threat landscape arising from one's vendors.

