DoorDash has confirmed a data breach.
The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers.
The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.
It’s not clear why it took almost five months for DoorDash to detect the breach.
DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.
Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers,