A DoorDash data breach has potentially exposed the personal information of about 5 million users, the delivery service said Thursday.
The data spill could include names, addresses and phone numbers, DoorDash said. Masked, indecipherable passwords were also exposed, as well as portions of payment and bank account numbers, according to the California-based company.
“We do not believe that user passwords have been compromised and the information accessed is not sufficient to make fraudulent charges on payment cards or fraudulent withdrawals from bank accounts,” DoorDash said on its website.
The food delivery service, launched in 2013, said the breach occurred in May and that it has enhanced its security protections since it became aware of the exposure earlier this month. DoorDash also said that only users who joined before April 5, 2018 were affected.
The license plates of about 100,000 couriers were also accessed, the company said.
DoorDash said it was reaching out to affected users.