PayThink

DoorDash’s breach is a symptom of a fraud epidemic


The digital economy is powered by the data we collect, and it can mean the difference between an exceptional customer experience and a poor one. Companies have spent billions of dollars trying to collect user data that can help them reach that goal, but fraudsters are acquiring this type of lucrative user data rather easily — one breach at a time.

The recent DoorDash breach, which exposed data from its 4.9 million customers, delivery workers and merchants, is a perfect example of the volume of data regularly being leaked onto the dark web. With each data breach, fraudsters augment their database, and cybercriminals build complete profiles of user identity and use those insights to create new inauthentic profiles, which can then be used for further malicious activity.

The digital landscape is enabled by trust, and that becomes increasingly important with these types of sharing-economy companies that rely on collaboration and communication through trusted parties. This breach has affected every touchpoint in the DoorDash community, exposing its customers, delivery workers and valued merchants. The incident adds to a growing cybersecurity ecosystem that is full of sophisticated and connected networks which have been fed by each preceding breach. As a result, fraudsters have easy access to a host of compromised credentials from various, disconnected attacks. They gain access to a significant amount of customer data that can easily be weaponized not only now, but in the future as that ecosystem continues to grow.

This ecosystem multiplies as fraudsters collect user identities on the dark web and build legitimate operations around buying and selling compromised consumer data. Cybercriminals can piece together the puzzle of each individual online identity, giving them potential access to user accounts across someone’s entire digital presence. From there, they’re able to impersonate users in attacks like account takeovers, where a user’s profile is hacked and compromised, and even commoditize those identity profiles on the dark web.

Alas, this is merely a symptom of a much bigger issue at hand. It is the responsibility of companies and institutions to protect against these types of attacks in the future. And, while there is no silver bullet for security, many companies fail to secure their business because they implement strategies rooted in mitigation, not prevention. As long as there is money to be made in the world of cybercrime, fraudsters will continue to find a way to breach credentials and monetize them. It is crucial, now more than ever, to take an approach that is rooted in the long-term eradication of the business of fraud by breaking down the economic incentive.
