DoorDash, the popular food delivery company, is once again dealing with a public relations crisis following a data breach in which an unauthorised person reportedly stole key contact details from users, delivery drivers, and merchants.
The company's internal security team first detected the issue on October 25, 2025. Upon further investigation, the team found that the security lapse occurred after one of their employees was tricked in a social engineering scam.
For your information, social engineering is simply a trick where criminals manipulate a person into giving up private information or allowing access to systems, which helps them bypass technical security measures. In this case, the attacker gained access before DoorDash's response team could stop them.
What Data Was Taken?
DoorDash has confirmed that the information stolen includes full names, physical addresses, email addresses, and phone numbers. This incident affected people across the company's operating regions, including the US, Canada, Australia, and New Zealand. DoorDash has also assured recipients that, at present, they have no evidence that the stolen data has been used for fraud or identity theft.
While the company was quick to state that no sensitive information, like credit card numbers, Social Security numbers, or driver's license details, was taken, this claim has met with criticism. As we know, having a person's name, email, and phone number together is often enough for criminals to launch very believable phishing and smishing attacks. Users are also concerned that their home addresses were accessed.
Delay in Notification
It's worth noting that while the breach was discovered on October 25, customers only started receiving email warnings on November 13. This delay in telling affected users has led to frustration, with some questioning whether the company followed data breach laws and even threatening to take legal action. Affected users have taken to platforms like X (formerly Twitter) to share the email notices they received.
DoorDash has responded by saying they are improving their security systems, increasing employee training on scams like phishing and social engineering, and have hired a leading third-party cybersecurity forensics firm to help with their investigation. They also referred the matter to law enforcement.
This is the third major security failure for the delivery company since 2019. Previously, Hackread.com covered a similar attack in August 2022 that affected customer and Dasher data after a different third-party vendor was compromised.

