It was confirmed DoorDash, the food delivery company. In a blog post, Thursday, September 26, 2019, that 4.9 million customers, delivery workers, and merchants had their information stolen by hackers.

The breach happened on May 4, 2019, but added that customers who joined after April 5, 2018, are not affected by the breach. It’s not clear why it took almost five months for DoorDash to detect the breach.

Users who joined the platform before April 5, 2018, had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.

Consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.

Around 100,000 delivery workers also had their driver’s license information stolen in the breach.

The news comes almost exactly a year after DoorDash customers complained that their accounts had been hacked. The company at the time denied a data breach and claimed attackers were running credential stuffing attacks, in which hackers take lists of stolen usernames and passwords and try them on other sites that use the same passwords. But many of the customers we spoke to said their passwords were unique to DoorDash, ruling out such an attack.

When asked at the time, DoorDash could not explain how the affected accounts were breached.

So the question is, what should you do to protect yourself after a breach?

If a company with your information has a data breach, there are a few critical steps you can take to avoid becoming a victim of identity theft. Remember, a breach doesn’t automatically mean your identity has been stolen.

Change Your Passwords

It’s a good idea to go ahead and change your passwords—especially if you use the same password in multiple places. Hint: Don’t use the same password across accounts! Using the same password for all your social media profiles, email addresses, and bank accounts is just asking for trouble. Instead, you should always use unique passwords and change them every 90 days. If the service provides dual or multi-factor authentication, TURN it ON.

Creating different passwords can be tricky. But whatever you do, don’t rely on a phrase or anything easy to guess. (Sorry, that means famous quotes and maiden names aren’t proper fallbacks.) Get creative!

Here's how:

• Use a combination of uppercase and lowercase letters

• Use special characters

• Make your passwords long (12 characters minimum)

• Use random words strung together (instead of “merrychristmas” try “GrinchHome@loneElf18”)
  

Check Your Credit Report

Look through your credit report to see if anything suspicious or odd stands out to you. Checking your credit reports does not impact your credit score, that's a myth.

You can get one free credit report per year from each of the three major credit-monitoring bureaus. This means you can check your credit report every 3–4 months. If you can stay on top of your credit report, you could have the upper hand in noticing suspicious activity.

Look for red flags like these:

• Inactive accounts that suddenly have activity on them

• A line of credit appears that you didn’t open

• Your personal information is incorrect

• A good standing account is in collections

• A credit inquiry pops up that you didn’t apply for

We know it can be annoying to sift through your bank transactions each day. But then again, if you can make time to scroll through your social media feeds, you should be able to make time to keep your money and identity safe.

Your bank should alert you if they see anything irregular going on—but don’t rely on that. It’s much more beneficial if you're the one checking your account every single day.

Get Identity Theft Protection

A robust identity theft protection program can help keep you from being a sitting duck waiting for identity theft to find you. Be proactive! Make sure you’re prepared before you become a victim of a data breach. You actually can take action to protect yourself from identity theft!