Food delivery startup DoorDash has received a number of complaints from customers who say their accounts have been hacked. A lot of people have tweeted at @DoorDash with their complaints stating that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account.
In several cases, the hackers changed their email addresses so that the user could not regain access to their account until they contacted customer services. However, many people said that they never got a response from DoorDash.
“We do not have any information to suggest that DoorDash has suffered a data breach,” said spokesperson Becky Sosnov. “To the contrary, based on the information available to us, including internal investigations, we have determined that the fraudulent activity reported by consumers resulted from credential stuffing.”
DoorDash has achieved $4 billion valuation target after raising $250 million last month, and serves more than 1,000 cities across the U.S. and Canada.
To this, DoorDash said that there has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials.