At the end of September, DoorDash confirmed a data breach that affected 4.9 million customers, delivery workers and merchants. DoorDash is a popular food delivery company, and its data was stolen by a group of hackers. The company also stated that customers who joined after 5 April 2018 were not affected. The breach is known to have happened on May 4 and took 5 months to be detected. User details such as names, email addresses, delivery addresses, passwords (hashed and salted), order history and the last 4 digits of payment cards were stolen. Around 100,000 delivery workers had their driver's license details stolen.
Why It Happened?
The company became aware of suspicious activity involving a third-party vendor. On investigation, it was found that an unauthorized third party had accessed data around May 2018. DoorDash said it blocked the unauthorized user's access, added additional protective security layers around the data, improved the security protocols that govern access to its systems, and brought in outside expertise.
What Can You Learn?
The attack exploited loopholes at several stages, and a few mitigation steps can be drawn from it.
- Encryption: all sensitive data must always be encrypted, so that stolen data is rendered useless to the attacker. Despite this being common practice, cases like the Facebook database breach show that data is often still stored in plain text.
- Third-party security: measures to ensure that a vulnerability at a vendor does not affect one's own customers.
- PII regulations within the company for careful distribution of PII: collect PII only when it is absolutely necessary.
- Third-party risk assessment: modern tools let one understand the threat landscape arising from one's vendors.