IT Security Guru

Almost 5 million customers, delivery drivers and partners hit by DoorDash data breach

Comments from Experts:

by The Gurus
November 7, 2019
in Hacking, Security News

Food delivery company DoorDash has confirmed it was hit by a data breach that exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it’s unclear why it has taken DoorDash so long to reveal the details.

According to a spokesperson for DoorDash, the breach took place via a third-party provider, who was not named, and affected users who had joined the platform prior to April 5th, 2018. Stolen data included names, email and delivery addresses, telephone numbers and, most worryingly, hashed and salted passwords. Customers who joined after this date were not affected.

The Guru reached out to several cybersecurity experts to get their reaction to the news.

Rosemary O’Neill, director – customer delivery, at NuData Security – part of Mastercard:

“Data in the wrong hands – especially personally identifiable information – can have a huge impact on customers. Personal information, combined with other user data from other breaches and social media, builds a complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, both on the Internet and in the physical world. Every hack has a snowball effect that far outlasts the initial breach.

We must change the current equation of “breach = fraud” by changing how companies think about online identity verification; the key is to make it valueless.

Once the customer’s data is out, it doesn’t have to generate losses for that client or the company where the data is used. Companies can use technologies that detect when this data is being used. Most of the time, the data is used on automated attacks that can be detected with good bot-detection and behavior evaluation tools. Additionally, technologies that look at inherent user patterns like passive biometrics add to security by flagging when the right information is presented for a user, but that user is behaving unusually.

The balance of power will return to customer protection when more companies implement such techniques and technology.”

Rob Gurzeev, CEO and Co-Founder at CyCognito:

“Unfortunately, this kind of IT ecosystem risk isn’t unique to DoorDash. In fact, IT and security teams often don’t even know if and where all of their organisation’s digital infrastructure and assets are, or whether they’re fully protected. This ‘awareness gap’ is called shadow risk, and it’s a major problem. Organisations need to expose that shadow risk by mapping and assessing their full attack surface.”

Paul Bischoff, privacy advocate at Comparitech.com:

“‘The third-party provider did it’ is becoming a common chorus among many companies whose data was breached or exposed. If you think you’re only giving up information exclusively to one party when you sign up for any sort of account these days, you’re very likely mistaken. Data sharing is commonplace, because not every company is equipped to secure, analyse, or exploit it. A food delivery service, for example, might not excel at digital advertising. So it contracts that part of its business out to a third party. But those external providers aren’t even on most consumers’ radars, and they might not set as high of standards when it comes to securing data.”

Erich Kron, security awareness advocate at KnowBe4:

“This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers’ license number also compromised. Any time there is a lot of correlated data in a breach, the bad guys can use that against people. The fact that this data has been available for so long before people were notified is unfortunate, especially when customers had reported suspicious activity so long ago. If you have ever wondered how scammers get the information they use to call people claiming that their Social Security Number is suspended, or that the IRS is going to arrest them, this is one way that it happens.”

Warren Poschman, senior solutions architect at comforte AG:

“With a nearly five-month delayed breach response, DoorDash has given its customers more to worry about than getting cold tikka masala. Although payment information was seemingly not stolen, the theft of critical personal data including names, addresses and in some cases driving license data makes this yet another example of how securing data using a data-centric security approach, where the actual data is protected instead of the systems, is necessary. Unfortunately, DoorDash has responded by delivering some security leftovers by only “…adding additional protective security layers around the data, improving security protocols that govern access to our systems”. Today’s attack vectors require more than disk encryption, firewalls, and access management – it requires protecting the actual data that the attacker is after, not just the system around the data.”
