More supply chain nastiness…:
[…] A hack on food-delivery service DoorDash leaked the personal data of 4.9 million customers, delivery workers, and merchants, the company revealed on Thursday.
The breach took place on May 4, but DoorDash officials didn’t learn of it until earlier this month when they noticed unusual activity involving an unnamed third-party service provider. That’s what DoorDash says in post, which began: “We take the security of our community very seriously.” Data obtained by the attacker could include names, email addresses, delivery addresses, order histories, phone numbers, and cryptographically hashed and salted passwords.
Also exposed were the last four digits of customers’ payment cards and the last four digits of delivery workers’ and merchants’ bank accounts. Drivers license numbers for about 100,000 delivery workers were also accessed.