DoorDash, Zynga, and EA Data Breaches

I hesitate to say this, because I know how influential we are and that their future IPO may take a hit, but I…don’t use DoorDash.

*whisper whisper*

What’s that?  …McDonald’s partnership?

Oh, ok then, they’ll be just fine.

But for those who do use the food delivery service, there is now unfortunately another thing for them to worry about besides where their food comes from (at least, that’s what I would worry about).  A data breach affecting 4.9 million customers and merchants is surely not what anyone ordered, but early last month that’s exactly what DoorDash discovered had happened.

To examine the cause is to find yet another instance where a third-party associate proved to be the weak link in the chain for a partner.  It was through such a vendor that information was improperly accessed, including addresses, phone numbers, and at least 100,000 driver’s license numbers.  No surprise, but this information could be used for years to come in all manner of fraud and phishing.

Another service people use has also experienced its fair share of breaches lately: video games (I’m not thrilled about having to call them services, but that’s another topic).  Whether in the traditional console space or the mobile market, these “services” have become great stores of personal information.  Zynga is a good example of the latter.  Last month the company hinted at a data breach, and now it has come to light that a hacker compromised the accounts of some 218 million players of Zynga’s Words With Friends game.  Experts like Tiffany Olson Kleemann, VP of bot management at Imperva, state that incidents like this will often lead to increases in credential stuffing: using stolen login credentials from one breach to bombard other targets.

On the other side of the marketplace, we have massive publisher Electronic Arts committing its own data blunder.  FIFA 20, the flagship annual soccer series, recently opened registration for an upcoming tournament.  Unfortunately, while entering their own personal information, users saw information that didn’t belong to them.  That’s right, other players’ personal data was perfectly visible, affecting some 1,600 people.

There is much I want to address with the video game industry and its subpar valuation of its customers’ privacy, but that is also a subject for a more expansive post.  Meanwhile, it looks like just another round of shortcomings that could have been fairly easily prevented with more attention.


By: Jonathan Weicher, posted on October 9, 2019
Copyright: NetLib Security