DoorDash data breach affected 4.9 million

The food-delivery platform DoorDash revealed on Thursday that 4.9 million of its users, vendors and delivery workers were exposed in a data breach to an “unauthorized third party.”

The company said in a blog post on Thursday that the exposed information included sensitive financial data like partial credit card and bank account numbers but not enough to make fraudulent purchases.

DoorDash said that the exposed information could include names, order history, email addresses, delivery addresses and phone numbers.

It’s unclear who accessed the data, which only covered people who had joined the platform before April 5, 2018. The breach, which was first discovered earlier this month, occurred on May 4 of this year.

“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform,” the blog post reads. “We are reaching out directly to affected users.”