On Wednesday, August 24, food delivery company DoorDash admitted that it was one of 130 organizations targeted by 0ktapus and that the data breach compromised the personal information of its customers.
DoorDash suffers a data breach
According to Mashable, the DoorDash data breach happened right after 0ktapus hacked into Twilio’s system, stealing the company’s login credentials.
After the incident, the food delivery company confirmed that its customers’ personal information was stolen, including their names, delivery addresses, email addresses, phone numbers and partial credit card information.
DoorDash did not reveal the exact number of customers affected by the data breach, but it assured customers that their account passwords and full credit card numbers were not compromised.
The company also did not disclose when it discovered that its system had suffered a security breach.
A DoorDash spokesperson told TechCrunch that as soon as the company realized its system had been hacked, it immediately conducted an internal investigation. It hired a cybersecurity expert to improve its security systems.
Previous data breach
This isn’t the first time DoorDash has suffered a data breach. In 2019, the food delivery company was hacked, affecting over 4 million customers.
The company admitted the breach happened in May 2019, but didn’t report the incident until September 2019. DoorDash also said the hack happened because of a third-party service provider, but declined to name them.
According to Mashable, customers who joined the DoorDash platform before April 2018 had their full name, email address, shipping address, order history, phone numbers and passwords stolen.
At the same time, more than 100,000 delivery drivers had their driver’s license information stolen during the data breach.
Other organizations affected by the hack
According to Gizmodo, hacker 0ktapus stole approximately 10,000 login credentials from employees of 130 companies in North America.
Other companies affected by the incident were Cloudflare, MailChimp, Epic Games, Riot Games, Microsoft, and Coinbase.
Security firm Group-IB reported that the threat actor managed to do this by launching a sophisticated phishing attack.
According to the company, the hacker used a phishing toolkit to victimize employees of companies included in its target list. Toolkits are prepackaged and can be purchased on the dark web.
0ktapus went after companies that used the access management company Okta. Using the phishing toolkit, the hacker sent his targets phishing text messages leading to pages that he had manipulated to look exactly like the identity authentication pages provided by Okta.
Since the pages appeared legitimate, many victims entered their information, including their usernames, passwords, and multi-factor authentication codes.
After the victims entered their information, the hacker routed the data to a Telegram account he controlled. From there, he used the stolen Okta credentials to log into the companies the victims worked for.
The hacker abused network access to steal company data and engage in supply chain attacks that affected other companies.
Group-IB also reported that it’s unclear what 0ktapus did with all the stolen data, but it’s possible it was sold online.
This article belongs to Tech Times
Written by Sophie Webster
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.