SecurityWeek reports that food delivery firm DoorDash had its customer and email data compromised following a third-party data breach.
Threat actors exploited a third-party vendor's access to DoorDash systems and then leveraged it to reach the food delivery platform's internal tools and data belonging to "a small percentage of individuals," according to DoorDash. Some customers had their names, email and delivery addresses, and phone numbers compromised, and some also had their partial payment card information and basic order details accessed, while DoorDash couriers had their names, email addresses, and phone numbers exposed. Although DoorDash did not name the third-party vendor impacted by the breach, it noted that the attack was related to the widespread phishing attack that compromised Twilio and more than 130 other organizations, which Group-IB noted has led to attackers securing access to almost 10,000 credentials. However, Twilio was not the hacked third-party vendor that caused the DoorDash breach, according to both DoorDash and Twilio.