All cards have been compromised

Read the Story

Show Top Comments

Your door dash account being compromised should not compromise your debit card. I don’t know how doordash specifically does it, but generally those sites don’t store the entire card number, just an identifier and then a reusable authorization token with their payment processor. All of your accounts were compromised in the same manner, probably password reuse or malware.


Did you change all of your passwords with the same device? If so, that device has probably been compromised.


It sounds like you might be the victim of identity theft. I have been a victim of identity theft, but I live in Canada. However, I think the general process for unrravelling it is the same and I think this subreddit even has a guide. Assume all your accounts are compromised. As in, banking, government and more. If you’re saying only the doordash account was compromised but now charges are popping up everywhere, there is a problem. Perhaps they have enough of your personal information to open new cards in your name with slightly different email accounts so you may not be notified, you may receive notice of them sometime in the mail, or you may not if they manage to change your address with the card companies so you don’t get any papertrail from them. Changing your passwords is just a start. You should probably open a police report. The police will not get you your money back nor will they likely catch (or even try) to get the person/people doing this. However, you are building a paper trail to show that you have been a victim of identity theft and are taking active steps to resolve it. Insurance and credit card companies will likely ask for the police report # so they can follow-up themselves. They may not reverse charges unless you take this step. Review information with credit bureaus. Sign up for credit monitoring. Call every single one of your credit card companies/banks/etc to tell them you think you have been a victim of identity theft and review recent transactions. Tighten security measures (ex: credit card companies can set up a unique password that you have to provide in order to make any changes to your plan; they may also call you and ask you to produce this password if a suspicious transaction was detected (like one from another country). Be persistent; some offices were hard to get through because it was hard for me to verify MY identity because who ever was doing this really gummed things up. Keep a diary of all these conversations and write down useful information (ex: the different email acounts they ended up using to replace mine on accounts, incorrect spelling of my name, dates that my phone number was changed on file, etc etc). I had 7 credit cards opened in my name in addition to having used my 1 actual existing credit. They tried to withdraw funds from my bank account. Charges were in 5 figure amounts at the end of all this. The whole process to resolve actually took months. Please take active steps to resolve this. It likely won’t go away on its own.


It’s sort of hard to say, it could be that you reused passwords, or had some malware on the device you used to communicate with the cardholders.


A lot of people will update passwords for their credit card account but never think about their email. A lot of info can be obtained from your email especially if you use the same email for all of your credit accounts. An email is all you need sometimes to reset a password if you’re not using 2 factor. If your account has been compromised update all of your email address passwords as well.