A data breach that exposed customer and staff information and was tied to the recent cyberattack on Twilio has been disclosed by the food delivery service DoorDash.
According to DoorDash, hackers misused a vendor’s access to its networks. By abusing DoorDash’s internal tools, the hacker was able to access the data of a small fraction of people.
Customers’ names, email addresses, delivery addresses, and phone numbers are among the compromised data. In certain instances, basic order information and partial payment card information were also made public.
The attacker gained access to the name, phone number, or email address of Dashers—those who make deliveries. It’s worth noting that an earlier data breach at DoorDash in 2019 resulted in the exposure of information on roughly 5 million consumers.
As per the spokesperson of DoorDash Justin Crowley, the unnamed third-party vendor provides services that require limited access to specific internal tools, but the vendor hack is connected to the phishing attempt that affected SMS and messaging giant Twilio on August 4.
Researchers connected these attacks to a larger phishing campaign carried out by the same hacker group known as “0ktapus,” which since March has stolen nearly 10,000 employee login credentials from at least 130 busi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: