DoorDash has announced that it recently dealt with a security breach that exposed portions of user information, including names, email addresses, phone numbers, and home addresses. While the company did not share the exact number of individuals affected, it confirmed that customers, delivery drivers, and merchants were impacted.
According to DoorDash, the intruders did not obtain any highly sensitive data. In its statement, the company emphasized that there is no evidence that the stolen information has been used for identity theft or fraud. Details such as Social Security numbers, government-issued IDs, banking information, and payment card numbers were reportedly untouched.
The incident began when one of DoorDash’s employees fell victim to a social-engineering attempt—an attack method in which hackers manipulate a person into granting access or revealing credentials. Once the company detected unusual activity, DoorDash says it quickly cut off the unauthorized access, launched an internal investigation, and contacted law enforcement.
DoorDash spokesperson Michelle Babin did not provide additional numbers when asked how many individuals were affected. Instead, she repeated statements published on the company’s official blog, stressing that the company moved fast to contain the situation and secure its systems.
The company has begun notifying the people whose information may have been exposed. DoorDash also stated that it is improving its internal security protocols and working to strengthen safeguards to prevent similar incidents in the future.
This latest breach adds to the company’s history of past security challenges. Back in 2019, DoorDash suffered a significant incident in which hackers accessed data belonging to almost 5 million users, delivery personnel, and business partners. That breach went undetected for months and was ultimately linked to a vulnerability involving a third-party vendor. The company said it has since implemented stricter controls around external service providers.
Although DoorDash maintains that the recent breach did not involve the most sensitive forms of personal data, the exposure of phone numbers and physical addresses can still pose risks such as phishing attempts, scam calls, or targeted social-engineering attacks. Security experts often warn that even limited personal information can be used to craft convincing fraud schemes.
DoorDash has encouraged users to stay alert for suspicious emails, phone calls, or messages and to report anything unusual to the company’s support team.
