(Reuters) – DoorDash Inc on Thursday said personal details of some customers and drivers had been accessed by an “unauthorized party” in a phishing attack on a third-party vendor.
The U.S. food delivery firm said details accessed included order and partial payment card information, email, delivery address and phone number of some customers.
The unauthorized party, which used stolen credentials of the vendor’s employees to gain access to some internal tools, also got hold of names, phone numbers or email addresses of some drivers, DoorDash added. (https://bit.ly/3ctgYGa)
The company said it quickly disabled the vendor’s access to its system after detecting unusual and suspicious activity from the vendor’s computer network.
“We have no reason to believe that affected personal information has been misused for fraud or identity theft,” DoorDash said.
(Reporting by Praveen Paramasivam in Bengaluru; Editing by Vinay Dwivedi)