The days of calling up your favorite pizza place, and spending 10 minutes on the phone trying to explain which topping you want are long gone—we use delivery service apps for that nowadays.
DoorDash, UberEats, and GrubHub are among the most popular apps of this kind. They are reliable, easy to use, and make the whole process of ordering food effortless. But are they secure?
DoorDash: Worrying Data Breaches
So is DoorDash safe to use? DoorDash has had two major security breaches. In 2019, 4.9 million customers, delivery workers, and merchants had their data stolen.
As the company said in a blog post published at the time, cybercriminals gained access to names, email addresses, delivery addresses, and phone numbers. More worryingly, some people had the last four digits of their credit card numbers stolen, while certain merchants' bank account numbers were partially exposed. It's important to note that this breach took place in May 2019, which suggests that it took DoorDash five months to detect it.
DoorDash suffered a similar breach in August 2022. Just like three years earlier, DoorDash explained in a blog post that names, email addresses, delivery addresses, and phone numbers of an unspecified number of consumers were stolen. Partial credit card information was taken from "a smaller set of consumers," according to the company.
It seems that DoorDash is struggling to secure its systems for some reason. Two major breaches in three years is unacceptable, and so is the apparent lack of transparency.
UberEats: A Massive Breach and Coverup
Uber has suffered several significant breaches over the years. In 2021, cybersecurity firm Cyble revealed that login credentials of 579 UberEats customers were leaked on the dark web. Information belonging to 100 delivery drivers was also leaked by the same threat actor—this information included credit card details, according to Cyble.
But this breach pales in comparison to the one that took place in 2016, when the data of a staggering 57 million customers and drivers was stolen. This breach concerned the drive-sharing app Uber, but since it's possible to use the same account for Uber and UberEats (and most people probably do), it affected users of both apps.
As The Verge reported, Uber waited a year to disclose this breach publicly. The company allegedly struck a deal with the cybercriminals that targeted it, agreeing to pay a $100,000 ransom for their silence. In 2022, Uber admitted to covering up the massive hack, and reached a settlement with the US Department of Justice to avoid criminal prosecution.
So not only did Uber suffer a major breach, it also did its best to cover it up, and only admitted to what happened under pressure from the federal government.
GrubHub: Secure, But What About Privacy?
Unlike DoorDash and UberEats, GrubHub has not suffered a major data breach, or a data breach of any kind for that matter, at least not so far. This is certainly an encouraging sign, being that GrubHub is a massively popular app used by tens of millions of people across the US and elsewhere.
GrubHub has been accused of price manipulation and monopolistic behavior, and some lawsuits claim that it mistreats workers. However, on the security front, the platform seems to be solid. What about privacy though? How invasive is GrubHub, and what does it do with the data it collects?
In its privacy policy, the company says it collects all sorts of personal information. This information is shared with GrubHub's promotional partners, various third-party ad networks, social media companies, and such. To be fair, DoorDash and UberEats are hardly any better when it comes to privacy, but it's nonetheless important to keep this in mind.
Stay Proactive About Your Security
DoorDash, UberEats, and GrubHub are great apps that do what they're supposed to do very well, but they are not particularly secure, especially DoorDash and UberEats.
This clearly shows just how important it is to remain proactive about your cybersecurity and privacy, and take steps to secure your online identity.