DoorDash, a food delivery app, revealed Thursday that the information of 4.9 million customers, workers, and merchants had been compromised earlier this year through a third-party service provider. The leaked data may contain users’ names, delivery addresses, phone numbers, order history, and the last four digits of customers’ credit cards. In addition, about 100,000 Dashers, the independent contractors who perform the company’s delivery services, might have had their driver’s license numbers leaked. DoorDash said the breach affects users who had accounts with the platform before April 5, 2018, and that the data was compromised on May 4. The company said in a blog post that it became aware of “unusual activity involving a third-party service provider” earlier this month. DoorDash said it added additional layers of security and blocked an unauthorized user after completing an investigation.