GLENARDEN, Md. — The owners of Horace & Dickies Seafood of Glenarden say they believe their DoorDash account was hacked and haven't received close to $24,000 in payments.
They realized in June that something was off when they checked their DoorDash account and saw their bank account information had been changed to a bank account that was not theirs. Even worse, they discovered they hadn't been receiving payments from third party food delivery app since March.
"That $23,000 may mean a million dollars to us, but it's only a penny to them," said Anice Hegler, the manager of Horace & Dickies Seafood of Glenarden.
Them, being DoorDash. A few months ago, Hegler says they started receiving phone calls from someone claiming to be with DoorDash.
"They were saying do you have a tablet we need to update your tablet and your account information. That was the immediate red flag, because we do not have a DoorDash tablet," said Hegler.
Hegler says despite the repeated phone calls and requests for information they never gave any of that info over.
She says on June 20th, they logged into their account and discovered their bank account info had been swapped out for a foreign unknown bank account.
"We looked at our banking information and noticed there was a different bank and our antennae's were up like why is our banking info wrong," she told WUSA9.
She says they also checked their actual bank account, but found nothing missing, so they called DoorDash.
We reached out to DoorDash and said there has to be a problem some sort of cyber attack inside your portal because we haven't been receiving deposits," said Hegler.
She says DoorDash told them that their account was externally compromised by an "unknown fraudulent third party" and that the business's email address was used to make the changes.
Hegler says they were told DoorDash would investigate, but were eventually told the nearly $24,000 could not be recovered.
"That's no little chunk of change for a small black business in PG County," Hegler said.
She says they've been trying to get more answers from DoorDash but hadn't received any further correspondence until Wednesday night, when WUSA9 reached out about what was going on.
A DoorDash spokesperson shared the following statement Wednesday night:
“DoorDash takes all reports of fraudulent behavior affecting our community seriously, regularly reminding users how to keep their information secure. We’re saddened to hear that Horace & Dickies Seafood of Glenarden experienced fraudulent activity, and in response, we have reached out to further understand their unique scenario. If any member of our community identifies unauthorized account activity, we strongly encourage them to urgently reach out to DoorDash Support.”
According to DoorDash this was an isolated incident and they say their platform is still secure. They say this was a result of fraudulent activity, but that it was not the result of a DoorDash error.
A payment block was implemented as soon as they learned of the issue, according to DoorDash.
They told WUSA9 that they plan to issue a one-time courtesy payment to Horace & Dickies Seafood of Glenarden.
Hegler says they don't understand how this could have happened because they didn't share any passwords or banking information with the person who called.
"That's kind of where we get stuck. I've done everything I could and I still got scammed," said Thomas Dearden, an Assistant Professor of Sociology at Virginia Tech. He tells WUSA9 his research is focused on online scams and financial crimes. He says what happened here comes down to three things.
"Some kind of user error, where they're reusing passwords or have simple passwords. Others would be on the company, a breach like a data base breach. The third would be traditional type of hacking," said Dearden.
As for Horace & Dickies, they say they hope what happened to them serves as a warning to other business owners who work with third party delivery apps.
"Check your accounts monthly or don't use them at all," said Hegler.