- DoorDash, Inc (NYSE:DASH) has confirmed a data hack that exposed customers' personal information.
- DoorDash said malicious hackers stole credentials from employees of a third-party vendor to gain access to some of DoorDash's internal tools.
- DoorDash verified the vendor breach's link to the phishing campaign that compromised Twilio Inc (NYSE:TWLO) on August 4
- DoorDash said the attackers accessed the names, email addresses, delivery addresses, and phone numbers of DoorDash customers.
- For a "smaller subset" of users, hackers accessed partial payment card information, including card type and the last four digits of the card number.
- For DoorDash delivery drivers or Dashers, hackers accessed data that "primarily included the name and phone number or email address."
- DoorDash disabled the third-party vendor's access to its systems after discovering the "unusual and suspicious" activity.
- Experts linked these attacks to a broader phishing campaign by the same hacking group, dubbed "0ktapus," which has embezzled 10,000 employee credentials from at least 130 organizations, including Twilio and Signal.
- The corporate victims included reputed organizations providing IT, software development, and cloud services. The hackers also targeted 13 organizations in the finance industry, seven retail giants, and two video game organizations.
- Earlier this year, hackers compromised the two-factor authentication provider Okta, Inc (NASDAQ: OKTA), Microsoft Corp (NASDAQ: MSFT), and Nvidia Corp (NASDAQ: NVDA).
- Price Action: DASH shares traded lower by 1.28% at $64.12 premarket on the last check Friday.
- Photo by Gerd Altmann from Pixabay
© 2026 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
To add Benzinga News as your preferred source on Google, click here.
