DoorDash has confirmed a significant data breach affecting its users, delivery drivers, and merchants, following a security incident linked to a social engineering scam. The company’s internal security team identified the breach on October 25, 2025, revealing that an unauthorized individual accessed sensitive contact details after manipulating an employee into divulging critical information.
In social engineering attacks, criminals trick individuals into revealing private data or granting access to secure systems. In this instance, the attacker managed to breach DoorDash’s defenses before the response team could intervene.
Details of the Breach
The compromised information includes full names, physical addresses, email addresses, and phone numbers. This breach affects customers across several regions, including the United States, Canada, Australia, and New Zealand. DoorDash has stated that there is no current evidence suggesting the stolen data has been exploited for fraudulent activities or identity theft.
Although the company emphasized that no sensitive information, such as credit card numbers, Social Security numbers, or driver’s license details, was obtained, critics have raised concerns. Many users fear that the combination of names, emails, and phone numbers could facilitate phishing and smishing attacks. The access to home addresses has also heightened apprehensions among customers.
Notification Concerns
Notably, while the breach was detected on October 25, customers did not receive email notifications until November 13. This delay in communication has sparked frustration, prompting some affected users to question whether DoorDash adhered to data breach notification laws. There are reports of customers contemplating legal action, voicing their concerns on social media platforms.
In response to the incident, DoorDash has pledged to enhance its security protocols. The company is increasing training for employees on identifying scams such as phishing and social engineering. Additionally, they have engaged a leading third-party cybersecurity forensics firm to assist with the ongoing investigation and have referred the matter to law enforcement.
This breach marks the third significant security incident for DoorDash since 2019. A previous attack reported by Hackread.com in August 2022 involved compromised customer and Dasher data following a third-party vendor breach. As DoorDash works to rebuild trust with its users, the implications of this latest breach highlight the ongoing challenges companies face in safeguarding sensitive information in an increasingly digital world.
