On Wednesday, Aug. 24, food delivery company DoorDash admitted that it was one of the 130 organizations targeted by 0ktapus, and that the data breach had compromised the personal information of its customers.
DoorDash Suffers Data Breach
According to Mashable, DoorDash's data breach happened right after 0ktapus hacked into Twilio's system, stealing the company's login credentials.
After the incident, the food delivery company confirmed that the personal information of its customers was stolen, including their names, delivery addresses, email addresses, phone numbers, and partial credit card information.
DoorDash did not reveal the exact number of customers affected by the data breach, but it did assure its customers that their account passwords and full credit card numbers were not compromised.
The company also did not reveal when it discovered that its system suffered a security breach.
A DoorDash spokesperson told TechCrunch that as soon as the company realized its system had been breached, it conducted an internal investigation immediately. It hired a cybersecurity expert to enhance its security systems.
Previous Data Breach
This is not the first time that DoorDash has suffered a data breach. In 2019, the food delivery company was hacked, affecting more than 4 million customers.
The company admitted that the breach happened in May 2019 but did not report the incident until September 2019. DoorDash also said the hack happened because of a third-party service provider but refused to name them.
According to Mashable, customers who joined the DoorDash platform before April 2018 had their full name, email, delivery address, order history, phone numbers, and passwords stolen.
At the same time, more than 100,000 delivery drivers had their driver's license information stolen in the data breach.
Other Organizations Affected by the Hack
According to Gizmodo, hacker 0ktapus stole around 10,000 login credentials from the employees of 130 companies in North America.
Other companies affected by the incident were Cloudflare, MailChimp, Epic Games, Riot Games, Microsoft, and Coinbase.
Security firm Group-IB reported that the threat actor was able to pull it off by launching a sophisticated phishing attack.
According to the firm, the hacker used a phishing toolkit to victimize employees of the companies included in his list of targets. The toolkits are prepackaged and can be purchased on the dark web.
0ktapus went after companies that used the access management firm called Okta. Using the phishing toolkit, the hacker sent his targets SMS phishing messages manipulated to look exactly like the ID authentication pages provided by Okta.
Since the pages looked legit, many victims entered their information, including their usernames, passwords, and multi-factor authentication codes.
After the victims entered their information, the hacker funneled the data to a Telegram account he controlled. From there, he used the Okta credentials to log into the companies the victims worked for.
The hacker abused the network access to steal company data and engage in supply chain attacks that affected other firms.
Group-IB also reported that it is not clear what 0ktapus did with all of the stolen data, but it is possible that it was sold online.
This article is owned by Tech Times
Written by Sophie Webster