Security News > 2022 > August > Now Oktapus gets access to some DoorDash customer info via phishing attack
DoorDash has confirmed that "a small percentage" of its customers' data and employees' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were revealed as part of a broad phishing campaign dubbed Oktapus.
"We can confirm the incident is connected to a wider, sophisticated phishing campaign that has targeted several other companies," a company spokesperson told The Register.
"For a smaller set of consumers, basic order information and partial payment card information was also accessed," beyond the basic lifted data, we are told.
For Dashers - the delivery drivers - stolen information was mostly limited to names, phone numbers and email address.
The lifted personal information hasn't been "Misused for fraud or identity theft at this time," DoorDash noted, adding that the miscreants weren't privy to customers' or employees "Sensitive information."
"Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers," it said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/26/doordash_oktapus_phishing/
Related news
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)