Security News > 2022 > August > Now Oktapus gets access to some DoorDash customer info via phishing attack
DoorDash has confirmed that "a small percentage" of its customers' data and employees' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were revealed as part of a broad phishing campaign dubbed Oktapus.
"We can confirm the incident is connected to a wider, sophisticated phishing campaign that has targeted several other companies," a company spokesperson told The Register.
"For a smaller set of consumers, basic order information and partial payment card information was also accessed," beyond the basic lifted data, we are told.
For Dashers - the delivery drivers - stolen information was mostly limited to names, phone numbers and email address.
The lifted personal information hasn't been "Misused for fraud or identity theft at this time," DoorDash noted, adding that the miscreants weren't privy to customers' or employees "Sensitive information."
"Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers," it said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/26/doordash_oktapus_phishing/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)