Sept. 26 (UPI) -- Food delivery service DoorDash said Thursday that a data breach exposed the personal details of some 4.9 million customers.
The company said not all customers and merchants were affected, only those who joined the service before April 5, 2018.
The compromised information included names, email addresses, delivery addresses, order history, phone numbers, and for some, the last four digits of credit card and bank account numbers. For about 100,000 people, driver's license numbers were also vulnerable.
"Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred," DoorDash said in a blog post.
"We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform. We are reaching out directly to affected users."
DoorDash said it added "additional protective security layers" around data through its site. The company encouraged all customers to change their passwords.
"We deeply regret the frustration and inconvenience that this may cause you," DoorDash said. "Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy."