This article, DoorDash data breach affected 4.9M customers, drivers, merchants, originally appeared on CNET.com.

DoorDash confirmed in a blog post Thursday a data breach that's affected 4.9 million users. The breach, reported earlier by TechCrunch, exposed information like names, email addresses, delivery addresses, order histories, phone numbers and passwords. The last four digits of some consumers' credit card and bank account numbers were also accessed, but DoorDash said the information isn't enough to make a fraudulent purchase.

DoorDash also said that about 100,000 of the company's drivers had their driver's license numbers accessed.

The food delivery company said it became aware of suspicious activity with a third-party service provider earlier this month. After an investigation, DoorDash said it discovered another breach occurred in early May. DoorDash said users who joined after April 5, 2018, weren't affected.

"We immediately launched an investigation, and outside security experts were engaged to assess what occurred.," Mattie Magdovitz, the company's senior communications manager, said in an email.

DoorDash said it blocked the unauthorized user's access, added additional protective security layers around the data, improved security protocols that govern access to systems, and brought in outside expertise.

The company said it doesn't think passwords were compromised but that it encourages users to change them just in case.

The company said its investigation is ongoing. DoorDash is the latest to suffer a data breach, after MoviePass and Capital One earlier this year.

Read More: The best identity theft protection and monitoring services

Originally published Sept. 26, 1:54 p.m. PT.
Update, at 2:06 p.m.: Adds comments from DoorDash.