DoorDash Data Breach Exposes Customer Information in October 2025 Incident

DoorDash has informed its customers that the company experienced a security incident in late October, marking yet another breach for the food delivery platform. According to details first reported by BleepingComputer, DoorDash has begun emailing users to disclose that on October 25, 2025, an unauthorized individual infiltrated parts of its internal systems and accessed selected customer contact information. The type of data exposed varied from person to person but involved key personal details. In its notification email, the company confirmed that names, physical addresses, phone numbers, and email addresses were among the information viewed by the intruder. While financial data does not appear to have been compromised, the collection of exposed fields still carries significant risk because such details can easily be reused in phishing, impersonation, and other forms of social engineering attacks. 

DoorDash stated that the root cause of the breach was a social engineering scam targeting an employee, which ultimately allowed the attacker to obtain credentials and slip past internal safeguards. As soon as the company recognized unusual activity, its security team revoked the unauthorized access, launched a broader investigation, and contacted law enforcement to support further review. However, the company did not specify how many individuals may have been affected. What is clear is that the impacted group includes customers, delivery drivers (known as Dashers), and merchants. Considering DoorDash reported roughly 7 million contractors in 2023, nearly 600,000 partner merchants in 2024, and more than 42 milli

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.