DoorDash has confirmed a data breach that occurred this October, leading the food delivery platform to begin notifying impacted customers, Dashers, and merchants yesterday evening.
Scope of the Breach
The company's notification stated that on October 25, 2025, an unauthorized third party gained access to and stole certain user contact information. The data exposed varied by individual but may have included:
- First and last name
- Physical address
- Phone number
- Email address
The incident was traced back to a DoorDash employee falling victim to a social engineering scam. Upon detecting the unauthorized access, the company's response team immediately shut down the attacker's access, launched an investigation with a forensic firm, and notified law enforcement.
User Criticism and Response
This is the third security incident for the delivery giant, which previously suffered breaches in 2019 and 2022. The timing and phrasing of the notification have drawn criticism from users online. Users questioned the company's claim that "no sensitive information was accessed," pointing out that physical addresses and phone numbers were compromised. Some users noted that the company took 19 days to send notifications, raising concerns about compliance with data breach laws.
DoorDash has advised affected users to be wary of unsolicited communications and targeted phishing emails that appear to originate from the company. As a response to the incident, DoorDash has deployed security enhancements, implemented additional employee training, and is continuing its investigation.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
