Online delivery giant DoorDash has confirmed that it has been hit by a data breach, which has affected several customers and merchants.
The company said it recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected.
“Importantly, the phishing campaign did not compromise sensitive information and we have no reason to believe that affected personal information has been misused for fraud or identity theft at this time,” the company said in a blogpost.
“Because we value the trust our users place in us, we are sharing an update on what happened and how we are responding,” it added.
DoorDash recently detected unusual and suspicious activity from a third-party vendor’s computer network. In response, it swiftly disabled the vendor’s access to our system and contained the incident.
“Based on our investigation, we determined the vendor was compromised by a sophisticated phishing attack. The unauthorised party used the stolen credentials of vendor employees to gain access to some of our internal tools,” the company said.
“The advanced tactics used appear to be connected to a wider phishing campaign that has targeted a number of other companies. We understand that law enforcement is aware of this campaign and is actively investigating. We have contacted them to offer our support,” it added.
The company said the investigation has determined that a small percentage of individuals whose data is maintained by DoorDash was affected in connection with this incident.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)