• DoorDash suffered a data breach earlier this year that affected 4.9 million people, the company announced Thursday.
  • Hackers stole information including names, delivery addresses, contacts, and some credit card information.
  • DoorDash has outlined steps users can take to see whether they're affected and secure their data going forward.
  • Visit Business Insider's homepage for more stories.

Delivery service DoorDash suffered a data breach earlier this year that affected the information of 4.9 million users, delivery workers, and restaurants, DoorDash announced Thursday afternoon.

The breach occurred on May 4, and affects people who started using the app before April 5, 2018. 

As a result of the breach, an unauthorized third party was able to gain access to users' profile information, including names, email addresses, delivery addresses, order history, and phone numbers.

The last four digits of some consumers' credit cards were also accessed, but not full card numbers or CVVs. For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank account numbers. This credit card and banking information is not sufficient to make fraudulent charges or withdrawals, according to DoorDash.

DoorDash recently surpassed Uber Eats to become the second-largest food delivery service in the U.S. after GrubHub, the parent company of Seamless and Eat24, according to Quartz. It is valued between $6 billion and $7 billion.

Months before the data breach was announced, the food delivery app drew controversy 
over its decision to use tips to subsidize delivery workers' wages, rather than giving tips directly to workers. DoorDash has since announced changes to its tipping policy.

Am I affected by the DoorDash data breach?

DoorDash said it has begun contacting people affected by the data breach, and will continue to do so in the coming days.

Anyone who joined DoorDash after April 5, 2018, is not affected, and can rule themselves out as a potential victim of the breach.

Even if you haven't been contacted by DoorDash regarding the breach, the app recommends all users change their password immediately to be safe.

If you have questions for DoorDash about the breach, the company has set up a help line that can be reached at 855-646-4683.

Read DoorDash's full statement on the breach here.

This post originally appeared on Business Insider.

Published on: Sep 27, 2019