IT Security Guru

Almost 5 million customers, delivery drivers and partners hit by DoorDash data breach

Comments from Experts:

by The Gurus
November 7, 2019
in Hacking, Security News

Food delivery company DoorDash has confirmed it was hit by a data breach that exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it’s unclear why it has taken DoorDash so long to reveal the details.

According to a spokesperson for DoorDash, the breach took place via a third-party provider – who was not named – and affected users who had joined the platform prior to April 5th, 2018. Stolen data included names, email and delivery addresses, telephone numbers and, most worryingly, hashed and salted passwords. Customers who joined after this date were not affected.

The Guru reached out to several cybersecurity experts to get their reaction to the news.

Rosemary O’Neill, director – customer delivery, at NuData Security – part of Mastercard:

“Data in the wrong hands – especially personally identifiable information – can have a huge impact on customers. Personal information, combined with other user data from other breaches and social media, builds a complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, both on the Internet and in the physical world. Every hack has a snowball effect that far outlasts the initial breach.

We must change the current equation of “breach = fraud” by changing how companies think about online identity verification; the key is to make it valueless.

Once the customer’s data is out, it doesn’t have to generate losses for that client or the company where the data is used. Companies can use technologies that detect when this data is being used. Most of the time, the data is used in automated attacks that can be detected with good bot-detection and behavior evaluation tools. Additionally, technologies that look at inherent user patterns like passive biometrics add to security by flagging when the right information is presented for a user, but that user is behaving unusually.

The balance of power will return to customer protection when more companies implement such techniques and technology.”

Rob Gurzeev, CEO and Co-Founder at CyCognito:

“Unfortunately, this kind of IT ecosystem risk isn’t unique to DoorDash. In fact, IT and security teams often don’t even know if and where all of their organisation’s digital infrastructure and assets are, or whether they’re fully protected. This ‘awareness gap’ is called shadow risk, and it’s a major problem. Organisations need to expose that shadow risk by mapping and assessing their full attack surface.”

Paul Bischoff, privacy advocate at Comparitech.com:

“‘The third-party provider did it’ is becoming a common chorus among many companies whose data was breached or exposed. If you think you’re only giving up information exclusively to one party when you sign up for any sort of account these days, you’re very likely mistaken. Data sharing is commonplace, because not every company is equipped to secure, analyse, or exploit it. A food delivery service, for example, might not excel at digital advertising. So it contracts that part of its business out to a third party. But those external providers aren’t even on most consumers’ radars, and they might not set as high of standards when it comes to securing data.”

Erich Kron, security awareness advocate at KnowBe4:

“This particular breach disclosed a significant amount of information, even though the passwords were hashed and salted. By using information from this breach, attackers could create a very convincing phishing email using your name, email address and phone number, along with the last four digits of the credit card and trick a person into believing it was legitimate. This is even worse for delivery drivers who have had their drivers’ license number also compromised. Any time there is a lot of correlated data in a breach, the bad guys can use that against people. The fact that this data has been available for so long before people were notified is unfortunate, especially when customers had reported suspicious activity so long ago. If you have ever wondered how scammers get the information they use to call people claiming that their Social Security Number is suspended, or that the IRS is going to arrest them, this is one way that it happens.”

Warren Poschman, senior solutions architect at comforte AG:

“With a nearly five-month delayed breach response, DoorDash has given its customers more to worry about than getting cold tikka masala. Although payment information was seemingly not stolen, the theft of critical personal data including names, addresses and in some cases driving license data makes this yet another example of how securing data using a data-centric security approach, where the actual data is protected instead of the systems, is necessary. Unfortunately, DoorDash has responded by delivering some security leftovers by only ‘…adding additional protective security layers around the data, improving security protocols that govern access to our systems’. Today’s attack vectors require more than disk encryption, firewalls, and access management – they require protecting the actual data that the attacker is after, not just the system around the data.”
