As reported, the complaints regarding DoorDash account hacks by the customers kept growing on social media for about a month. All the complaints reported almost similar incidents. In almost all cases, the hackers changed the account email addresses, and/or, made purchases with users’ credit cards.
Although the happenings seemingly hinted towards a cyber attack at the firm level DoorDash confirmed in a blog post that the users suffered credential stuffing attack.
“Our fraud detection and security teams are monitoring this situation closely and are continuing to investigate. Based on our initial investigation, we believe that DoorDash consumer accounts were accessed via credential stuffing.”Regarding the extent of the impact of this cyber attack, the firm claims it to affect a “small subset” only.
“We have been notified by a small subset of DoorDash users (a fraction of one percent) that unauthorized orders may have been placed on their accounts.”
Some time ago, Jersey Mike's also warned their customers to reset passwords after they suspected cyber attack via a third party. Like DoorDash, they also claimed that their website remained safe from any direct cyber attack. Regarding the DoorDash hacks, the investigations are still underway. Therefore, we hope to receive further details about the incident in the upcoming days. We shall keep our readers updated in this case.
Let us know your thoughts in the comments section.