Security News > 2022 > August > DoorDash discloses new data breach tied to Twilio hack
Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio.
In a security advisory released Thursday afternoon, DoorDash says that a threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.
Using this access, the threat actors could access the data of 163 Twilio customers and use that data in further supply-chain attacks.
"To date, our investigation has identified 163 Twilio customers - out of a total customer base of over 270,000 - whose data was accessed without authorization for a limited period of time, and we have notified all of them," explains an updated Twilio security advisory.
The fallout from this attack is just being realized, with Twilio disclosing this week that the hackers were also able to access 93 Authy 2FA accounts as part of the breach.
DoorDash previously suffered a data breach in 2019 that exposed the data of nearly 5 million customers.
News URL
Related news
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- UN aviation agency investigating possible data breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- Largest US addiction treatment provider notifies patients of data breach (source)
- STIIIZY data breach exposes cannabis buyers’ IDs and purchases (source)
- EU law enforcement training agency data breach: Data of 97,000 individuals compromised (source)
- Wolf Haldenstein law firm says 3.5 million impacted by data breach (source)
- Otelier data breach exposes info, hotel reservations of millions (source)
- PayPal to pay $2 million settlement over 2022 data breach (source)
- UnitedHealth now says 190 million impacted by 2024 data breach (source)