DoorDash, the favored meals supply firm, is as soon as once more coping with a public relations problem following an information breach the place an unauthorised individual, reportedly, stole key contact particulars from customers, supply drivers, and retailers.
The corporate’s inside safety workforce first detected the difficulty on October 25, 2025. Upon additional investigation, the workforce discovered that the safety lapse occurred after one among their staff was tricked in a social engineering rip-off.
In your info, social engineering is just a trick the place criminals manipulate an individual into giving up non-public info or permitting entry to techniques, which helps them bypass technical safety measures. On this case, the attacker gained entry earlier than DoorDash’s response workforce might cease them.
What Data Was Taken?
DoorDash has confirmed that the data stolen consists of full names, bodily addresses, e mail addresses, and telephone numbers. This incident affected individuals throughout the corporate’s working areas, together with the US, Canada, Australia, and New Zealand. DoorDash has additionally assured recipients that, at present, they haven’t any proof that the stolen information has been used for fraud or id theft.
Whereas the corporate was fast to state that no delicate info, like bank card numbers, Social Safety numbers, or driver’s license particulars, was taken, this declare has met with criticism. As we all know it, having an individual’s identify, e mail, and telephone quantity collectively is usually sufficient for criminals to launch very plausible phishing and smishing assaults. Customers are additionally involved that their dwelling addresses have been accessed.
Delay in Notification
It’s value noting that whereas the breach was discovered on October 25, prospects solely began receiving e mail warnings on November 13. This delay in telling affected customers has led to frustration, with some questioning if the corporate adopted information breach legal guidelines and even threatening to take authorized motion. Affected customers have taken to platforms like X (previously Twitter) to share the e-mail notices they obtained.
DoorDash has responded by saying they’re bettering their safety techniques, rising worker coaching on scams like phishing and social engineering, and have employed a number one third-party cybersecurity forensics agency to assist with their investigation. In addition they referred the matter to legislation enforcement.
That is the third main safety failure for the supply firm since 2019. Beforehand, Hackread.com coated an analogous assault in August 2022 that affected buyer and Dasher information after a distinct third-party vendor was compromised.
(Picture by Marques Thomas on Unsplash)
