"Approximately 4.9 million consumers, Dashers, and merchants who joined our platform on or before April 5, 2018, are affected. Users who joined after April 5, 2018 are not affected", DoorDash said in the statement.
The company specified the type of user data affected in the attack, including "Profile information including names, email addresses, delivery addresses, order history, phone numbers, as well as hashed, salted passwords — a form of rendering the actual password indecipherable to third parties".
DoorDash said that hackers stole "the last four digits" of some consumer credit cards, adding that "full credit card information such as full payment card numbers or a CVV was not accessed".
Moreover, "the last four digits of their bank account number" of "some Dashers and merchants" were stolen, according to the company statement, which promised that "the information accessed is not sufficient to make fraudulent withdrawals" from a bank account.
Doordash stated: "Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and outside security experts were engaged to assess what occurred".
The meal delivery platform said that they took special measures, adding "protective security layers around the data, improving security protocols that govern access to our systems, and bringing in outside expertise to increase our ability to identify and repel threats".
DoorDash uses logistics services to offer online delivery of prepared meals from restaurants.