The attack the food delivery company DoorDash appears to have been part of the ongoing "0ktapus" campaign, which first made news when it ensnared Twilio. Customers may have had contact information exposed along with order information and partial credit card information.