- What to do if you’ve lost your AirPods charging case 1 Year Ago
- Stephen Miller’s racist emails leak 1 Year Ago
- Why was parody Twitter account Seinfeld2000 suspended? 1 Year Ago
- Ed Sheeran lookalike trolls YouTubers at KSI-Logan Paul fight Today 10:21 AM
- ‘The World According to Jeff Goldblum’ is for stans only Today 9:28 AM
- The ‘Sonic the Hedgehog’ live-action redesign is a marked improvement Today 9:01 AM
- U.S. gamers create as much carbon dioxide as 5 million cars Today 8:28 AM
- Disney+ TV characters like Ms. Marvel will appear in MCU movies Today 8:04 AM
- Apple TV+ offers something for younger viewers with ‘Helpsters’ Today 8:01 AM
- How to watch ‘The Mandalorian’ Today 7:34 AM
- ‘Snoopy in Space’ is a delightful kids show that parents will love too Today 7:08 AM
- How to watch ‘Lady and the Tramp’ Today 7:00 AM
- Netflix’s ‘Let It Snow’ delivers a stocking full of rom-com coal Today 6:41 AM
- Student allegedly posted roommate’s ‘missing’ flyer on Instagram before being charged with her murder Monday 11:45 PM
- Reddit AITA: Man verbally abused partner through cat impersonations Monday 7:18 PM
A number of DoorDash users are reporting that hackers have gained access to their accounts and are using them to fraudulently order food deliveries.
Dozens of people are reporting being hacked. The hackers typically change the account information associated with the profile, making it difficult for DoorDash users to recover their account, they say. While users are reporting issues on Twitter and Reddit, DoorDash is moving uncomfortably slowly for those affected—if the company has responded to complaints at all.
@DoorDash Hey Doordash. My account was just hacked by someone in San Fransisco named Angus. Please message me how to rectify and get my $$ back.— Kelly Olive (@KellyOlivePR) September 25, 2018
@DoorDash any chance you’re going to respond to my account getting hacked?— Kris H (@huzzball) September 21, 2018
“This seems like a truly widespread problem, and DoorDash isn’t being responsive at all,” one Reddit user complained following a $400 spending spree on their card.
“We do not have any information to suggest that DoorDash has suffered a data breach,” spokesperson Becky Sosnov told TechCrunch via email. “To the contrary, based on the information available to us, including internal investigations, we have determined that the fraudulent activity reported by consumers resulted from credential stuffing.”
Credential stuffing is the name for when hackers use login information obtained from a hack of another site. While some users confirmed to TechCrunch that they had used their DoorDash password on other sites—suggesting that credential stuffing could certainly be to blame—other DoorDash users said that they had a unique, 20-plus character passcode for the service. This would suggest that hackers are either using brute force on accounts, or as some conspiracy theorists speculate, that there could be someone on the inside facilitating these hacks in some way. Another possibility is that these hackers are using social engineering to glean information about a user, and then use that information to gain access to the account via DoorDash’s support channels.
If you’ve got a DoorDash account, this is a good reminder to make sure you’re using a secure password (more than the eight-character minimum currently required) that hasn’t been re-used on other websites.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.