DoorDash confirms serious data breach - customer names, addresses, emails are more all leaked, here's what we know

News
By published

DoorDash is playing down the importance of the breach

DoorDash
(Image credit: ShutterStock)
  • DoorDash suffered a breach exposing user contact data via social engineering
  • Victims include customers, merchants, and employees; SSNs may have been compromised
  • No credit monitoring offered; phishing risks remain high post-breach

Popular food delivery platform DoorDash has suffered a cyberattack which saw it lose sensitive data on an undisclosed number of users.

The company has begun sending out data breach notification emails to affected individuals, in which it said it spotted the intrusion on October 25, 2025.

DoorDash said the attackers stole people’s names, phone numbers, email addresses, and postal addresses, but in a slightly odd comment, said “no sensitive information was accessed.”

Customers, merchants, and employees affected

The breach happened after one of the employees fell for a social engineering scam and granted the attackers access to the platform.

We don’t know exactly how many people were affected by the breach, but DoorDash did say the incident involved customers, merchants, and employees.

The notifications primarily seem to have been sent to Canadian users, but US citizens are suspected to have also been affected, since in an undated security advisory on the DoorDash site, Social Security Numbers (SSN) - primarily a US data type - were also mentioned.

“We have already taken steps to respond to the incident, including deploying enhancements to our security systems, additional training for our employees, bringing in a leading cybersecurity forensic firm to assist in our investigation of the issue, and notifying law enforcement for ongoing investigation,” the notice reads.

There was no mention of any identity theft or credit monitoring services offered to the victims, which is standard practice in these situations.

Even if there was, customers, clients, and users should still be wary of incoming email messages and other communication, especially those claiming to be from DoorDash. Chances are, cybercriminals will try to use the stolen data to trick victims into installing malware or granting access to social media accounts, banking platforms, or even job apps.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.