{"id":4099,"date":"2025-05-21T05:06:23","date_gmt":"2025-05-21T05:06:23","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/05\/21\/doordash-hack-html\/"},"modified":"2025-05-21T05:06:23","modified_gmt":"2025-05-21T05:06:23","slug":"doordash-hack-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/05\/21\/doordash-hack-html\/","title":{"rendered":"DoorDash Hack"},"content":{"rendered":"\n<div>DoorDash Hack<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A DoorDash driver <a href=\"https:\/\/www.theverge.com\/news\/669140\/doordash-driver-convicted-delivery-scam\">stole<\/a> over $2.5 million over several months:<\/p>\n<blockquote>\n<p>The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash\u2019s system to pay the driver accounts. Then he\u2019d switch those same orders back to \u201cin process\u201d and do it all over again. Doing this \u201ctook less than five minutes, and was repeated hundreds of times for many of the orders,\u201d writes the US Attorney\u2019s Office.<\/p>\n<\/blockquote>\n<p>Interesting flaw in the software design. He probably would have gotten away with it if he\u2019d kept the numbers small. It\u2019s only when the amount missing is too big to ignore that the investigations start.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/05\/doordash-hack.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DoorDash Hack A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,457,465,452,1],"tags":[87],"class_list":["post-4099","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-courts","category-scams","category-theft","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4099"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=4099"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4099\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=4099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=4099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=4099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}