DoorDash breach exposes user contact details
DoorDash confirmed Nov. 23 that a social engineering attack on an employee allowed an unauthorized party to access basic contact information for some customers, delivery workers and merchants. The company says names, email addresses, phone numbers and physical addresses were exposed, but no SSNs, driver’s license data, or bank/payment card information, and reports no evidence of fraud so far; DoorDash says it cut off access, notified law enforcement, added security measures and hired an external cybersecurity firm while notifying affected users as required.
Cybersecurity Incidents
DoorDash
📌 Key Facts
- Incident source: social engineering attack on a DoorDash employee
- Data types exposed: names, emails, phone numbers, physical addresses; no SSNs/driver’s license/bank or card data
- Actions: access shut down, law enforcement notified, external firm engaged, user notifications sent