From the TechCrunch article: "It’s not clear why it took almost five months for DoorDash to publicly reveal the breach. DoorDash spokesperson Mattie Magdovitz say why [sic]."
Pretty bad. If personal identity info is exposed, it is irresponsible not to notify users immediately so they can freeze credit and watch for suspicious activity. The blog post did mention a third-party vendor, so it's possible there was a delay, but it's a whole other problem if it took this long to find a breach.
This sounds like it could be "flipboard-itis". Flipboard stored passwords insecurely in the beginning (SHA-1), but switched to bcrypt as it scaled. The passwords breached were before 2015, so possibly a similar thing here where they started out with bad security and improved with scale (but left the old stuff behind). I'm guessing DoorDash did something similar and improved security as it scaled.
They really should have given some actual information, i.e. how the information was stored. I want to know what algorithm was used, not how "it was securely stored so people still can't take your money" or some other corporate-speak intended to mitigate the damage.
I'm not sure what you're trying to point out, but it seems like the data was stolen from a third party DoorDash uses, and that they only had data from users that registered on or before April 5, 2018. The breach actually happened on May 4, 2019.
(And the 2015 reference in the comment you're replying to is about a Flipboard breach, not DoorDash)