DoorDash
DoorDash's 3rd data breach exposes millions! User data leaked in October, sparki...
The food delivery giant DoorDash is reeling from its third significant data breach in six years.
Yes! The company confirmed this week that a sophisticated social engineering scam duped an employee, allowing a threat actors to pillage a trove of user contact information and exposing millions of customers, "Dasher" drivers, and merchants to heightened risk of phishing and identity theft.**
### What Happened? A Timeline of Treachery.
The breach unfolded on **October 25, 2025**, when [DoorDash](https://www.secureblink.com/cyber-security-news/door-dash-becomes-yet-another-victim-linked-to-twilio-sms-phishing)'s security team [detected](https://help.doordash.com/consumers/s/article/Our-response-to-a-recent-cybersecurity-incident) an unauthorized party accessing its systems. Yet, in a move that has sparked fury and legal threats, the company waited a staggering **19 days** before beginning to notify the victims on November 13 .
The culprit? A single, targeted social engineering attack tricked a DoorDash employee into granting access, proving that the human element remains the weakest link in cybersecurity.
### What the Cyber-Thieves Got.
While DoorDash has downplayed the severity by stating “no sensitive information was accessed,” the stolen data paints a frighteningly complete picture of users’ digital identities. The exposed information varies by individual but includes :
| Affected Group | Types of Information Exposed |
| :--- | :--- |
| **Customers** | Full name, physical address, phone number, email address |
| **Dashers** | Full name, physical address, phone number, email address |
| **Merchants** | Full name, physical address, phone number, email address |
This information is a gold mine for phishers and scammers, who can use it to craft highly convincing, targeted attacks.
### Public Outcry: "Incredibly Unprofessional, Dangerous, and Potentially Illegal"
The 19-day notification delay has ignited a firestorm of criticism and fear. One user on social media platform X lamented, **"DoorDash took 19 whole days to notify me... my real phone number and physical address have been leaked"** .
Another user, Chris from [Toronto](https://www.canada.ca/en/employment-social-development/services/sin.html), challenged the company's attempt to downplay the breach, stating, **"I'm sorry - if this isn't sensitive information, what is? Don't downplay this just because they didn't get credit card or password information. It's gone deaf"** . The outrage has escalated to real-world consequences, with at least one user vowing to file a case in provincial small claims court and lodge a formal complaint with the Office of the Privacy Commissioner of Canada, alleging a violation of data breach laws .
### DoorDash's Third Strike
This 2025 incident is not an isolated event but part of a deeply concerning pattern for the delivery giant :
* **2019:** A breach exposed the data of approximately **5 million** users .
* **2022:** The company was hit again in an attack linked to the violation of third-party vendor [Twilio](https://www.secureblink.com/cyber-security-news/twilio-stopped-another-data-breach-started-even-before-the-august-hack).
This "three-peat" of security failures has left experts and users questioning if the company has truly learned from its past mistakes.
### How to Protect Yourself Now
If you are among the millions of DoorDash users, your vigilance is your best defense. Here’s what you must do immediately :
* **Expect Phishing Attacks:** Be hyper-aware of unsolicited emails, texts, or calls pretending to be from DoorDash, your bank, or other services. **Do not click on links or download attachments** from suspicious messages .
* **Change Your Passwords:** Immediately update your DoorDash password and ensure you are not using it for any other online accounts.
* **Enable Multi-Factor Authentication (MFA):** Add this critical extra layer of security to your DoorDash and email accounts .
* **Remain Skeptical:** If a communication seems off, it probably is. Always log in to your accounts directly through their official websites or apps to check for updates, rather than clicking on provided links.
### DoorDash's Damage Control: Too Little, Too Late?
In response to the crisis, DoorDash has issued a statement outlining its remedial actions, which include **"deploying enhancements to our security systems, implementing additional training for our employees, bringing in a leading cybersecurity forensic firm... and notifying law enforcement"**.
The company has set up a dedicated, toll-free hotline for users with questions: **+1-833-918-8030** (reference code: **B155060**)
As the investigation continues, one question lingers in the minds of users worldwide: Is DoorDash finally building a fortress, or just rearranging the deck chairs on a ship that has already been breached three times?
