{"id":4580,"date":"2019-09-27T11:00:15","date_gmt":"2019-09-27T15:00:15","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4580"},"modified":"2019-09-27T11:00:15","modified_gmt":"2019-09-27T15:00:15","slug":"facts-and-commentary-on-the-2019-doordash-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/","title":{"rendered":"Facts and Commentary on the 2019 DoorDash Breach"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4581\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\" alt=\"Facts and Commentary on the 2019 DoorDash Breach\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Once again, we face the <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">reality<\/a> of an enterprise data breach affecting millions. Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to a blog post by <a href=\"https:\/\/blog.doordash.com\/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e\" target=\"_blank\" rel=\"noopener noreferrer\">DoorDash<\/a>, the breach occurred on May 4; it does not affect customers who joined after April 5, 2018.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-and-access-management-vendor-map-of-the-best-solutions\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"IAM VendorMap\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/02\/IM_VM_SB_800.jpg\" alt=\"Download Link to IAM Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, users who joined prior to that date suffered from significant data theft. The hackers stole names, emails, delivery addresses, order history, phone numbers, and salted and hashed passwords from customers.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Although full payment card numbers and verification values remained secure, hackers did steal the last four digits of those cards. Meanwhile, those responsible also stole the last four digits of delivery workers\u2019 and merchants\u2019 bank accounts. Moreover, around 100,000 delivery workers had their driver\u2019s license information stolen.\u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unfortunately, many questions remain unanswered in the wake of DoorDash breach; prominently, some ask why DoorDash representatives took months to announce the breach. Additionally, DoorDash spokesperson Mattie Magdovitz said the breach was due to \u201ca third-party service provider\u201d whom they did not specify.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unfortunately, DoorDash suffered a cybersecurity incident previously. Almost a year prior, DoorDash customers complained of hacked accounts. Initially, DoorDash denied the breach at the time.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>What Experts Say About the DoorDash Breach<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Of course, the DoorDash breach prompted a string of expert commentary from throughout the identity security world. Here are a few of our favorites!\u00a0<\/span><\/p>\n<h3><strong>ForgeRock<\/strong><\/h3>\n<p style=\"text-align: justify\"><em>Ben Goodman is CISSP and SVP of global business and corporate development at <a href=\"https:\/\/forgerock.com\" target=\"_blank\" rel=\"noopener noreferrer\">ForgeRock.<\/a><\/em><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cTo maintain employee and user trust, and avoid legal consequences, applications and all other companies need to be more proactive in identifying and notifying customers of breaches, leaks or any other security vulnerabilities. Additionally, this breach could have been avoided if DoorDash leveraged modern and comprehensive identity access management (IAM) tools.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cIAM tools can provide organizations with ongoing, contextual security that prompts further identity verification, such as 2FA or MFA, when an unauthorized or unknown user attempt to access a database. With these in place, organizations ensure the safety of their data, employees, partners, and customers.\u201d<\/span><\/p>\n<h3><strong>AttackIQ<\/strong><\/h3>\n<p style=\"text-align: justify\"><em>Stephan Chenette is Co-Founder and CTO at <a href=\"https:\/\/attackiq.com\" target=\"_blank\" rel=\"noopener noreferrer\">AttackIQ.<\/a><\/em><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThis incident is a good reminder that it\u2019s not just customers who are impacted when a breach occurs. Given their service model, DoorDash must maintain the trust of workers and merchants in order to survive, and protecting their sensitive data is a big part of maintaining that trust.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cOrganizations should continuously assess the viability of their security controls to make sure that they are enabled, configured correctly and operating effectively. Cybercriminals are continuously looking for gaps in security defenses and overlooked basic security misconfigurations, to turn a quick profit. It shouldn\u2019t take a massive breach for companies to realize they need a more proactive approach to strengthen security.\u201d\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How to Learn More<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The DoorDash data breach indicates a clear violation of the principles of customer identity and access management (CIAM). To learn more about CIAM and IAM in general, you should check out our <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">2019 Identity Management Buyer\u2019s Guide<\/a>. We cover the top vendors and their key capabilities in detail.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>Widget not in any sidebars<br \/><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once again, we face the reality of an enterprise data breach affecting millions. Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0 According to a blog post by DoorDash, the breach occurred on May 4; it does not affect customers who joined after [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4581,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,986,125,153,16,1249,1250,132,76],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Facts and Commentary on the 2019 DoorDash Breach<\/title>\n<meta name=\"description\" content=\"Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/\",\"name\":\"Facts and Commentary on the 2019 DoorDash Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"datePublished\":\"2019-09-27T15:00:15+00:00\",\"dateModified\":\"2019-09-27T15:00:15+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"CVS Database Containing Over 1 Billion Records Exposed\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Facts and Commentary on the 2019 DoorDash Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facts and Commentary on the 2019 DoorDash Breach","description":"Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/","url":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/","name":"Facts and Commentary on the 2019 DoorDash Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","datePublished":"2019-09-27T15:00:15+00:00","dateModified":"2019-09-27T15:00:15+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Yesterday, food delivery service DoorDash announced the breach of 4.9 million users. The affected users include customers, delivery workers, and merchants.\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","width":800,"height":400,"caption":"CVS Database Containing Over 1 Billion Records Exposed"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/facts-and-commentary-on-the-2019-doordash-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Facts and Commentary on the 2019 DoorDash Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4580"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4580"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4580\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4581"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}