DoorDash, the favored meals supply firm, is as soon as once more coping with a public relations subject following a knowledge breach the place an unauthorised individual, reportedly, stole key contact particulars from customers, supply drivers, and retailers.
The corporate’s inside safety group first detected the problem on October 25, 2025. Upon additional investigation, the group discovered that the safety lapse occurred after one in every of their workers was tricked in a social engineering rip-off.
On your data, social engineering is solely a trick the place criminals manipulate an individual into giving up personal data or permitting entry to methods, which helps them bypass technical safety measures. On this case, the attacker gained entry earlier than DoorDash’s response group might cease them.
What Info Was Taken?
DoorDash has confirmed that the knowledge stolen contains full names, bodily addresses, electronic mail addresses, and telephone numbers. This incident affected folks throughout the corporate’s working areas, together with the US, Canada, Australia, and New Zealand. DoorDash has additionally assured recipients that, at present, they don’t have any proof that the stolen information has been used for fraud or id theft.
Whereas the corporate was fast to state that no delicate data, like bank card numbers, Social Safety numbers, or driver’s license particulars, was taken, this declare has met with criticism. As we all know it, having an individual’s identify, electronic mail, and telephone quantity collectively is commonly sufficient for criminals to launch very plausible phishing and smishing assaults. Customers are additionally involved that their residence addresses have been accessed.
Delay in Notification
It’s value noting that whereas the breach was discovered on October 25, prospects solely began receiving electronic mail warnings on November 13. This delay in telling affected customers has led to frustration, with some questioning if the corporate adopted information breach legal guidelines and even threatening to take authorized motion. Affected customers have taken to platforms like X (previously Twitter) to share the e-mail notices they obtained.
DoorDash has responded by saying they’re bettering their safety methods, growing worker coaching on scams like phishing and social engineering, and have employed a number one third-party cybersecurity forensics agency to assist with their investigation. In addition they referred the matter to legislation enforcement.
That is the third main safety failure for the supply firm since 2019. Beforehand, Hackread.com lined an analogous assault in August 2022 that affected buyer and Dasher information after a unique third-party vendor was compromised.
(Photograph by Marques Thomas on Unsplash)
