Skip to content
The DonkeyThe Donkey
  • Home
  • Account Payable
  • Account Number
  • Account Recovery
  • Account Riot
  • -
  • -
Account Riot

DoorDash admits customers’ personal information was stolen after data breach

Posted on August 29, 2022August 29, 2022 by Amy A. Stuart
29
Aug

On Wednesday, August 24, food delivery company DoorDash admitted that it was one of 130 organizations targeted by 0ktapus and that the data breach compromised the personal information of its customers.

DoorDash suffers a data breach

According to Mashable, the DoorDash data breach happened right after 0ktapus hacked into Twilio’s system, stealing the company’s login credentials.

After the incident, the food delivery company confirmed that its customers’ personal information was stolen, including their names, delivery addresses, email addresses, phone numbers and partial credit card information.

DoorDash did not reveal the exact number of customers affected by the data breach, but it assured customers that their account passwords and full credit card numbers were not compromised.

The company also did not disclose when it discovered that its system had suffered a security breach.

A DoorDash spokesperson told TechCrunch that as soon as the company realized its system had been hacked, it immediately conducted an internal investigation. It hired a cybersecurity expert to improve its security systems.

Also Read: Yandex Food Delivery Service Leak Reveals Russian Secret Police Personal Information

Previous data breach

This isn’t the first time DoorDash has suffered a data breach. In 2019, the food delivery company was hacked, affecting over 4 million customers.

The company admitted the breach happened in May 2019, but didn’t report the incident until September 2019. DoorDash also said the hack happened because of a third-party service provider, but declined to name them.

According to Mashable, customers who joined the DoorDash platform before April 2018 had their full name, email address, shipping address, order history, phone numbers and passwords stolen.

At the same time, more than 100,000 delivery drivers had their driver’s license information stolen during the data breach.

Other organizations affected by the hack

According to Gizmodo, hacker 0ktapus stole approximately 10,000 login credentials from employees of 130 companies in North America.

Other companies affected by the incident were Cloudflare, MailChimp, Epic Games, Riot Games, CoinBase, Microsoft, and Coinbase.

Security firm Group-IB reported that the threat actor managed to do this by launching a sophisticated phishing attack.

According to the company, the hacker used a phishing toolkit to victimize employees of companies included in its target list. Toolkits are prepackaged and can be purchased on the dark web.

0ktapus went after companies that used the access management company called Okta. Using the phishing toolkit, the hacker sent phishing text messages to his targets which he manipulated to look exactly like the identity authentication pages provided by Okta.

Since the pages appeared legitimate, many victims entered their information, including their usernames, passwords, and multi-factor authentication code.

After the victims entered their information, the hacker routed the data to a Telegram account he controlled. From there, he used Okta’s credentials to log into the companies the victims worked for.

The hacker abused network access to steal company data and engage in supply chain attacks that affected other companies.

Group-IB also reported that it’s unclear what 0ktapus did with all the stolen data, but it’s possible it was sold online.

Related Article: Comcast Resets 200,000 Passwords: No Data Breach, But What To Do If You Have One

This article belongs to Tech Times

Written by Sophie Webster

ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.

Related posts:

  1. Valiant players always complain about a smurf problem
  2. Capitol rioters accused of attempting to suppress telephone evidence: AP
  3. 49 Capitol Riot defendants tried to erase photos, videos and texts from phones
  4. How to get free LoL skins through Prime Gaming
This entry was posted in Account Riot. Bookmark the permalink.
Amy A. Stuart

Get the most out of your credit card: 6 tips for success as a cardholder
Saratoga Investment Corp. increases its quarterly dividend by
Categories
  • Account Number
  • Account Payable
  • Account Recovery
  • Account Riot
  • Uncategorized

account number accounts payable bank accounts capitol hill donald trump email address income tax joe biden law enforcement phone number president donald social security states capitol united states washington dc

Recent Posts
  • How to Get a Wells Fargo Credit Limit Increase – Forbes Advisor

  • Payoneer Global Inc. (NASDAQ:PAYO) Chief Financial Officer Michael G. Levine sells 7,536 shares

  • News from Trump today: Tax returns to be seen by Congress after Supreme Court rules against him

  • Drex heart attack: The Vancouver radio host will be on the air until 2023

  • Why Bank Customers Should Sign Their ATM Cards – Banker – The Whistler Newspaper

Archives
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • Privacy Policy
  • Terms and Conditions
  • Home
  • Account Payable
  • Account Number
  • Account Recovery
  • Account Riot
  • WooCommerce not Found
  • Newsletter