Hackers gained access to nearly five million of its customer accounts of gig-economy delivery app maker DoorDash.

The dial-a-serf service said that on May 4 of this year some miscreant was able to break into one of DoorDash’s technology providers, and view account information including the physical addresses of punters, order histories, phone numbers, and hashed and salted passwords, plus the last four digits of some users’ credit card numbers or bank accounts.

“Earlier this month, we became aware of unusual activity involving a third-party service provider,” the DoorDash team said in its blog. “We immediately launched an investigation and outside security experts were engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019.”

Additionally, DoorDash said the intruder was able to view 100,000 driver license numbers belonging to folks who deliver stuff via the software.

“Approximately 4.9 million consumers, Dashers, and merchants who joined our platform on or before April 5, 2018, are affected,” DoorDash said in its disclosure. “Users who joined after April 5, 2018, are not affected.”

Read more here