Posted on August 28, 2022 at 8:34 AM
Food delivery firm DoorDash says it recently suffered a cybersecurity attack where customers’ and employees’ data were exposed. According to the company, the data breach is linked to the recent attack on Twilio.
The Attack Came Through A Third-Party Vendor
The firm released a security advisory, announcing that hackers had access to its internal tools through stolen credentials from a third-party vendor that had authorized access to its system.
According to the notice, DoorDash detected suspicious and unusual activity from the computer network of a third-party vendor. After discovering the hacking activity, the company took immediate action. DoorDash stated that it quickly disabled the vendor’s access to its system, which prevented the hacking incident from spreading further.
The threat actor used that access to DoorDash’s internal tools to reach data belonging to both employees and consumers.
The Hackers Breached Profile Details Of Employees
The breached details include email addresses, phone numbers, and delivery addresses of consumers. Additionally, the threat actors had access to basic order information and partial credit card information for a small subset of customers; the card information includes the last four digits of the card number and the type of card.
The company’s employees (Dashers) were also affected, as the threat actors had access to their names, email addresses, and phone numbers.
Although the name of the third party was not mentioned, DoorDash stated that the hacking incident is linked to the same threat actors that successfully attacked Twilio.
DoorDash Previously Suffered A Cyber Attack In 2019
This is not the first time DoorDash has suffered a cyber attack. In 2019, the food delivery company had another incident that exposed close to 5 million customers, employees, and merchants.
According to the security notice published by the company, an unauthorized party had access to users’ data on May 4, 2019. But the exposure was limited to those who joined the platform on or before April 2018. Just like the recent data breach, the attack in 2019 was a result of the exposure of a third party that had access to the company’s system.
Also, the attackers were able to steal profile information such as email addresses, order history, delivery addresses, hashed and salted passwords, as well as phone numbers of the victims.
There has been a pattern in which threat actors direct their hacking activity at third parties that they consider less secure and easier to penetrate than the main firms. A series of hacking incidents has successfully occurred through third parties.
DoorDash’s Breach Is Part Of A Much Larger Data Breach
The recent breach of DoorDash is seen as part of a much larger 0ktapus phishing campaign. The attack gave the threat actors access to internal systems.
With the initial access, they collected the data of 163 Twilio customers and used that to carry out further supply-chain attacks.
The Twilio security advisory noted that the 163 Twilio customers were only a small portion of the 270,000 customers whose data were accessed without authorization. The security team also noted that all the affected users have been notified and advised on what to do to prevent any breach.
The impact of the attack is only now being realized, as Twilio disclosed that the threat actors succeeded in accessing 93 Authy 2FA accounts as part of the breach. The breach also gave the threat actors access to the phone numbers of about 1,900 users.
The phishing campaign was discovered by cybersecurity company Group-IB. The firm stated that the hackers compromised more than 130 organizations all over the world through an SMS phishing campaign.
They make use of phishing domains that contain keywords such as SSO, VPN, HELP, and OKTA. They also tell the targets to access information or
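One way a defender could hunt for the keyword-bearing domains described above in web proxy or DNS logs, as an added example that is not part of the original article. The allowlist, the `example-corp` names and the three-field log format are assumptions, and the log lines are constructed.

```python
import re

# Keywords the article lists as appearing in the campaign's phishing domains.
KEYWORDS = {"sso", "vpn", "help", "okta"}

# Assumption: suffixes the organisation legitimately uses; never flagged.
ALLOWED_SUFFIXES = ("example-corp.com", "okta.com")

# Constructed proxy-log lines in an assumed "<timestamp> <user> <hostname>" format.
SAMPLE_LOG = """\
2022-08-20T09:14:02Z alice example-corp.okta.com
2022-08-20T09:15:40Z bob example-corp-sso.net
2022-08-20T09:16:11Z carol vpn.example-corp.com
2022-08-20T09:17:53Z dave example-corp-okta.org
2022-08-20T09:18:30Z erin helpful-recipes.example
2022-08-20T09:19:05Z frank examplecorp-help.co
"""

def is_allowed(host):
    """True when the host is an allowlisted domain or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def keyword_hits(host):
    """Match whole tokens (split on '.' and '-') so 'helpful' does not hit 'help'.
    Limitation: a keyword fused into a longer token is not caught."""
    tokens = re.split(r"[.\-]", host.lower())
    return sorted(KEYWORDS.intersection(tokens))

def suspicious_lookups(log_text):
    """Return (timestamp, user, host, keywords) for non-allowlisted keyword hosts."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing at fields
        ts, user, host = parts
        host = host.lower().rstrip(".")
        if is_allowed(host):
            continue
        hits = keyword_hits(host)
        if hits:
            findings.append((ts, user, host, hits))
    return findings

if __name__ == "__main__":
    for ts, user, host, hits in suspicious_lookups(SAMPLE_LOG):
        print(f"{ts} {user} visited {host} (keywords: {', '.join(hits)})")
```

Each hit identifies a user who reached a lookalike host, which is the starting point for checking whether credentials or one-time codes were submitted there.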
A Sophisticated Phishing Attack
DoorDash is not the only company affected by the attack. Other firms targeted in the attack include AT&T, T-Mobile, Binance, KuCoin, Coinbase, Mailgun, Infosys, BestBuy, Rogers, and Verizon Wireless.
The attacks were very successful, which led to the reported data breaches at Klaviyo and MailChimp. There was also an attempted breach of Cloudflare. But none of these affected companies have reported whether the breach succeeded.
DoorDash stated that the attack was a sophisticated one, as the cybercriminals used tools to steal employee and customer credentials.
In response to the attack, users have been asked to take better security measures to protect themselves from such attacks in the future.