Door Dash Hack - 1 Month Out

The DoorDash data breach, which was confirmed in mid-November 2025, occurred on October 25, 2025, after a company employee was successfully targeted by a social engineering scam. One month later, the situation has settled into a phase of mitigation and public caution, though no major criminal activity has been directly linked to the stolen data so far.
​

Data Exposed and Risk: The compromised data included first and last names, physical addresses, email addresses, and phone numbers of an undisclosed number of consumers, Dashers, and merchants across multiple countries (including the US, Canada, Australia, and New Zealand). DoorDash maintains that no sensitive information—such as bank details or social security numbers—was accessed, and they have "no indication" the data has been misused for fraud or identity theft as of mid-December.

Company Actions: DoorDash deployed new security enhancements and implemented additional awareness training for employees to prevent future social engineering attacks. The company also engaged an external forensics firm and referred the incident to law enforcement for ongoing investigation.

User Caution: The primary area of concern a month out is the potential for highly convincing phishing and smishing (SMS phishing) attacks, so remain vigilant, update passwords, and enable two-factor authentication on all related accounts.

Key Takeaway for Staying Safe
​
The most effective way to protect yourself is to never click a link in an unexpected email or text message, especially after a data breach.

If you receive a suspicious communication:

1. Do NOT click the link or call the number.
2. Verify Independently: Open the official DoorDash app on your phone (or type DoorDash.com directly into your browser) and log in. If there is a real problem with your account, it will be clearly visible there.

​

Ep354

Image created by AI