Sep 9, 2022 10:39:28 AM
.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
Sep 9, 2022 10:39:28 AM
The Target: DoorDash, a popular food delivery company.
The Take: Exposure of Personally Identifiable Information belong to customers and employees including: names, customer delivery addresses, phone numbers, and some partial credit card information.
The Vector: The attackers breached a third-party company that DoorDash works with through a phishing attack. By using the compromised credentials, they were able to move in the vendor’s network freely and then access some of DoorDash’s own internal tools.
This breach is a stark reminder of the effective of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy