WASHINGTON — The owner of a popular D.C. restaurant is sounding the alarm after his business was the victim of theft.
Z-Burger owner Peter Tabibian said someone impersonating DoorDash was able to get banking information and hack into his business's bank accounts.
Tabibian said the fraudster had specific information that only DoorDash would have, such as the last several orders the restaurant had with DoorDash, names of the people that placed the orders and who the drivers were for those orders.
After gaining trust, they say the DoorDash tablets are not functioning properly, and they need to send new tablets to work with. In order to do so, they proceed to ask for bank account information along with routing information under the guise of needing it to set up a new tablet, Tabibian explained.
“A person claiming to be from DoorDash armed with information about our most recent deliveries and our last four digits of our account number convinced us that we were missing orders and that we needed to replace our DoorDash tablet,” Tabibian said. “We rely on these deliveries to supplement our in-store sales and hearing that we were losing revenue got us to panic and fall for the scam.”
The restaurant owner did not say how much money his business lost. Tabibian claims he has heard from other businesses who have fallen for the same scheme recently, and he wants to help spread the word.
WUSA9 reached out to DoorDash for comment on the incident, and to understand if this had impacted any other account holders.
“We have spoken with Z Burger to better understand their concerns, and at this time, we have not found any evidence of fraud or lost funds pertaining to their business on our platform," a DoorDash spokesperson responded. "To further safeguard against unauthorized activity, we have implemented additional security measures on Z Burger’s account, effective immediately. If any member of our community identifies unusual activity with their account, we strongly encourage them to reach out to DoorDash Support urgently, however customers should not be alarmed by this incident.”
DoorDash added that there has not be any hack impacting the company, and any claim saying there has is false.
Below are a few recommendations from DoorDash on how to keep sensitive information secure when operating online:
- Merchants should never share their personal information with anyone – including their Merchant Portal Login – even if the request appears to come from DoorDash Support.
- Consumers, merchants, and Dashers should use secure and unique passwords that aren’t duplicative of other sites for optimal security, updating them regularly.