DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.

Do You Know What Alexa, Google and Siri Are Up To?

Do You Know What Alexa, Google and Siri Are Up To?

Not everyone has a smart speaker in their home or office, but most of us do have a smart phone. When setting up your device, you were likely asked whether or not you wanted to activate your assistant. Doing so doesn’t take very long … you say a few phrases when prompted so it can get to know your voice and that’s pretty much it … you officially have a virtual assistant. Have you ever wondered how your assistant actually works?

 

Virtual assistants, such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant, use artificial intelligence (AI) to parse what is said or typed and then provide useful information back. Want to know something quickly without lifting a finger? Simply say a wakeword phrase such as, “Hey Siri,” or whatever your smart application is called, and ask away. You could say, “Who wrote Gone with the Wind?” or “What is 23.5 times 6?” or “Play I Can’t Get No Satisfaction.” When you talk to a smart phone or speaker, you know that your voice is being recorded and that there will be a result – sometimes it’s an answer, other times the correct action is taken or occasionally there may be an inquiry back to clarify the request. But, just as false starts happen in races, false positive recordings can be triggered by something as simple as someone zipping up their jeans because it sounds to Siri like the person’s muffled voice. If you have ever experienced Siri being accidentally activated during a time when not requested, you know that it can be a bit embarrassing … and a little unnerving.

 

If privacy is a big concern of yours, you might want to throw your smart speaker or device out the window. These instruments are indeed paying attention to us, but does this mean that they can listen and record all of the time? Amazon hopes so. A newly revealed patent application filed by the company is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. The idea is similar to Apple’s live photos, where video is recorded before and after a user takes a picture. Since the application is being asked to do something for us, then we are basically acknowledging that our privacy isn’t desired at that point in time.

 

Amazon.com, Inc. employs thousands globally to help improve the Alexa digital assistant through its line of Echo speakers. Rene Ritchie explained in his latest blog (July 28, 2019) titled Why People Are Freaking Out Over Siri Privacy Right Now, that “the team listens to voice recordings captured in homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.” Ritchie remarked, “If Amazon does decide to use the tech in its products, it’s unclear whether customers would be able to opt out of the ‘always on’ recording.”

 

Ritchie continued on with detail about Amazon’s patent application. “While the patent application explains devices would record audio in 10 to 30 second increments and automatically delete unneeded clips, privacy experts say it is cause for concern because it demonstrates tech companies’ growing ability to surveil customers at all times and potentially misuse collected information.”

 

Let’s take a glance at another tech giant, Apple, who recently told The Guardian: “A small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.” The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, like whether the request was intentional or a false positive that accidentally triggered Siri, or if the response was helpful. They added that those snippets used for grading are typically only a few seconds long.  But, what if those few seconds just happen to be you discussing a very private medical issue with your doctor or a very sensitive issue with a family member? How can you prevent being part of a company’s grading process? Currently, the only way to have peace of mind that a random stranger won’t listen in on your Apple device is to stop using Siri entirely.

 

Heidi Messer for The New York Times wrote that “consumers should not be so paranoid about privacy. “The right to absolute privacy no longer exists and excessive regulation of tech companies will only stifle innovation and prevent job creation.” Privacy in the digital age may not be completely deceased but it is hanging on by its fingernails. Just remember, when you agree to use these products, you’re often giving up much more than you think.