DoorDash confirms serious data breach – customer names, addresses, emails are more all leaked, here’s what we know
- DoorDash suffered a breach exposing user contact data via social engineering
- Victims include customers, merchants, and employees; SSNs may have been compromised
- No credit monitoring offered; phishing risks remain high post-breach
Popular food delivery platform DoorDash has suffered a cyberattack which saw it lose sensitive data on an undisclosed number of users.
The company has begun sending out data breach notification emails to affected individuals, in which it said it spotted the intrusion on October 25, 2025.
DoorDash said the attackers stole people’s names, phone numbers, email addresses, and postal addresses, but in a slightly odd comment, said “no sensitive information was accessed.”
Customers, merchants, and employees affected
The breach happened after one of the employees fell for a social engineering scam and granted the attackers access to the platform.
We don’t know exactly how many people were affected by the breach, but DoorDash did say the incident involved customers, merchants, and employees.
The notifications primarily seem to have been sent to Canadian users, but US citizens are suspected to have also been affected, since in an undated security advisory on the DoorDash site, Social Security Numbers (SSN) – primarily a US data type – were also mentioned.
“We have already taken steps to respond to the incident, including deploying enhancements to our security systems, additional training for our employees, bringing in a leading cybersecurity forensic firm to assist in our investigation of the issue, and notifying law enforcement for ongoing investigation,” the notice reads.
There was no mention of any identity theft or credit monitoring services offered to the victims, which is standard practice in these situations.
Even if there was, customers, clients, and users should still be wary of incoming email messages and other communication, especially those claiming to be from DoorDash. Chances are, cybercriminals will try to use the stolen data to trick victims into installing malware or granting access to social media accounts, banking platforms, or even job apps.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
DoorDash suffered a breach exposing user contact data via social engineering Victims include customers, merchants, and employees; SSNs may have been compromised No credit monitoring offered; phishing risks remain high post-breach Popular food delivery platform DoorDash has suffered a cyberattack which saw it lose sensitive data on an undisclosed number…
