Security News > 2022 > August > Now Oktapus gets access to some DoorDash customer info via phishing attack
DoorDash has confirmed that "a small percentage" of its customers' data and employees' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were revealed as part of a broad phishing campaign dubbed Oktapus.
"We can confirm the incident is connected to a wider, sophisticated phishing campaign that has targeted several other companies," a company spokesperson told The Register.
"For a smaller set of consumers, basic order information and partial payment card information was also accessed," beyond the basic lifted data, we are told.
For Dashers - the delivery drivers - stolen information was mostly limited to names, phone numbers and email address.
The lifted personal information hasn't been "Misused for fraud or identity theft at this time," DoorDash noted, adding that the miscreants weren't privy to customers' or employees "Sensitive information."
"Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers," it said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/26/doordash_oktapus_phishing/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)