DoorDash is committed to the security of our community and combating fraudulent activity on our platform. We have been notified by a small subset of DoorDash users (a fraction of one percent) that unauthorized orders may have been placed on their accounts.
Our fraud detection and security teams are monitoring this situation closely and are continuing to investigate. Based on our initial investigation, we believe that DoorDash consumer accounts were accessed via credential stuffing. This type of fraud occurs when passwords acquired from previous data incidents affecting other companies are used to login to accounts on our platform. We have implemented a variety of fraud detection capabilities, and we will continue to take measures to enhance the security of our platform.
While our investigation continues, as a precautionary measure, we encourage users to reset their passwords by clicking here. If you need help resetting your password, please contact DoorDash Support at password-assistance@doordash.com.
Protecting our community was originally published in DoorDash on Medium, where people are continuing the conversation by highlighting and responding to this story.