P2022-ND-058

DoorDash, Inc.

On July 31, 2022, the Organization noticed suspicious access to a customer service tool from two Alorica user accounts. The Organization promptly launched an investigation in conjunction with Alorica. By August 5, 2022, suspicious activity originating from two additional Alorica user accounts was identified. The investigation determined that the Alorica customer service agents provided their credentials to an unauthorized party in response to an apparent phishing scam. The Organization reported “The unauthorized party was then able to access the relevant Organization customer service tools and run queries that returned certain information relating to customers and Dashers.” The Organization believes the unauthorized access to personal information occurred between July 25 and August 2, 2022. The advanced tactics used in this incident appear to be connected to a much wider phishing campaign that has been reported in the news as targeting a number of other technology companies.

File Type: pdf
Categories: 2022
Tags: Unauthorized access