SAN FRANCISCO, Sept. 26 (Xinhua) -- DoorDash Inc., a San Francisco-based on-demand food delivery service supplier, on Thursday confirmed that about 4.9 million customers, merchants and delivery workers had their sensitive data illegally compromised.
The company admitted that "a third party service provider," which it did not name specifically, made unauthorized access to the information of DoorDash employees, users and food service businesses, including names, addresses, order history, phone numbers and other data.
It said the data hacking took place in May, and hackers stole the information of the last four digits of the credit or debit cards of some customers and merchants.
The breach also included the driver's licenses of about 100,000 DoorDash delivery workers, said the company.
However, DoorDash said the full bank account information, including card verification values, did not leak, and users who joined after April 5, 2018, were not affected.
The company said that security measures had been taken to address the issue.
"We immediately launched an investigation and outside security experts were engaged to assess what occurred," it said.
A similar data breach happened last September when DoorDash customers complained their passwords used on the platform were stolen.