Linked to a recent cyber attack on Twilio, food delivery service Doordash has disclosed a data breach that affects both staff and clients.
The hacker in question gained access using stolen credentials from a third-party vendor. Information exposed includes email addresses, names, delivery addresses and phone numbers. For a few customers, basic order information and partial credit card (CC) information, including card type, was accessed.
Doordash staff may have had their names, phone numbers and email addresses exposed.
The company made a statement to TechCrunch that this breach was linked to an attack that occurred on Twilio, who provides verification for Signal users, earlier this month.
The Twilio attack is part of ‘Oktapus’, a larger SMS phishing campaign aimed at accessing Okta login credentials. Other companies targeted by this cyber attack include Microsoft, Verizon, Slack, BestBuy and Infosys.
A Doordash security notice states that the company “swiftly disabled the vendor’s access to our system and contained the incident.”
Sign up to our mailing list to receive more IT related educational information: