DoorDash has revealed details about a cyber attack. It said an unauthorized party has accessed personal details of some customers and drivers by in a phishing attack on a third-party vendor.
The U.S. food delivery firm said details accessed included order and partial payment card information, email, delivery address and phone number of some customers.
DoorDash said the unauthorized party, which used stolen credentials of the vendor’s employees to gain access to some internal tools, also got hold of names, mobile phone numbers or email addresses of some drivers.
The company said it disabled the vendor’s access to its system after detecting unusual and suspicious activity from the vendor’s computer network. DoorDash did not name the vendor.
“We have no reason to believe that affected personal information has been misused for fraud or identity theft,” DoorDash said.