Food delivery giant DoorDash has confirmed a data breach that has left customers' personal information exposed to hackers, the company announced in a statement Wednesday.

DoorDash stated that an "undisclosed number of customers had their names, email addresses, delivery addresses, phone numbers, and partial payment card numbers" stolen. For drivers with the company, hackers were able to access names, phone numbers, and email address information.

In its statement, DoorDash explained that the breach was the result of a third-party vendor that was hacked through a sophisticated phishing campaign. Employees of the vendor had credentials that were stolen that were then used to access DoorDash's internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering “unusual and suspicious” activity.

DoorDash did not state any timeline of discovery of the breach. A spokesperson with DoorDash told TechCrunch that the company took time to "fully investigate what happened, which users were impacted and how they were impacted” before disclosing the data breach."

SEE ALSO:Apple security flaw may allow hackers full control of devices, company warns

According to TechCrunch, DoorDash did not name the third-party vendor but did confirm the company was reached by the same bad actors that compromised SMS communication company Twilio earlier this month. Other companies affected by the Twilio hack include the authentication service Okta; messaging platform Signal; and password manager LastPass. The CEO of LastPass Karim Toubba confirmed in a letter that hackers stole source code and proprietary information but found "no evidence the incident exposed any customer data or passwords."

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

A Twilio spokesperson confirmed in an email to Mashable that it was not the third-party vendor responsible for the DoorDash breach.

DoorDash confirmed in its statement that information like passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers were not accessed. Furthermore, the company told TechCrunch that it's hired an unnamed cybersecurity expert to help investigate the compromise and further strengthen the company's security systems.

"We value the trust we’ve built with each and every member of the DoorDash community and protecting our platform and your personal information is a top priority for DoorDash," the company's statement read. "We sincerely regret that this attack occurred."

---

Related Stories

---

• Signal users' phone numbers exposed in major Twilio hack
• Gigabyte reportedly hit with ransomware attack
• Robinhood data breach exposes 7 million users' personal information
• Major security flaw exposes fingerprints of more than 1 million people

Previously in 2019, hackers stole customer data from DoorDash, resulting in 4.9 million customers, drivers, and merchants having their information compromised. The company also blamed the attack on an unnamed third-party vendor.

UPDATE: Aug. 28, 2022, 7:15 p.m. CDT This article was updated to clarify that the Twilio hack was not responsible for the DoorDash breach.