DoorDash Confirms Data Breach: Customer & Dasher Information Stolen
DoorDash has confirmed a new data breach that exposed personal information belonging to customers, delivery workers (“Dashers”), and merchants across the platform. The company announced the incident after discovering that an unauthorized party accessed internal systems through a targeted social-engineering attack on an employee.
According to DoorDash, the attacker gained access to certain user records containing basic personal details. The exposed information includes names, email addresses, phone numbers, and physical delivery addresses.
The company emphasized that high-risk data—such as Social Security numbers, government ID numbers, driver’s license details, and full financial account information—was not accessed. DoorDash says it has “no evidence so far” that the stolen information is being used for fraud or identity theft.
DoorDash has not yet disclosed how many users were affected or which specific regions experienced the breach. The company is working with federal law enforcement and cybersecurity investigators to further assess the scope of the incident.
What This Means for Customers & Dashers
Even though the stolen data does not include payment numbers or Social Security information, the details that were taken can still be used by scammers.
Names, addresses, phone numbers, and emails are enough to fuel:
- Phishing attacks
- Text scams (“smishing”)
- Fake DoorDash support calls
- Targeted spam
- Credential-stealing attempts via fake login pages
Scammers often combine leaked data with information from previous breaches to make their messages look more convincing.
How to Protect Yourself Right Now
If you’re a DoorDash customer or Dasher, here are a few important steps to take immediately:
1. Change your DoorDash password
Use a strong password you don’t reuse anywhere else.
2. Turn on Two-Factor Authentication (2FA)
This adds an extra layer of security even if your login details were exposed.
3. Watch for suspicious emails or texts
Be wary of messages claiming:
- “Your DoorDash account needs verification”
- “Click here to update your payment info”
- “Your Dasher status is suspended”
DoorDash will not ask for passwords or personal details via unsolicited messages.
4. Avoid clicking unexpected links
Always navigate directly to the DoorDash app or website instead of opening links from emails.
5. Monitor accounts tied to your email or phone
If you use the same contact info for banking, shopping, or social media, keep an eye out for login alerts or unusual activity.
6. Consider a fraud alert or credit monitoring service
If you believe your data has been misused, placing a temporary fraud alert with major credit bureaus is free.
DoorDash Responds
The company says it has strengthened internal security protocols following the attack and is conducting a full review of how the breach occurred. Additional employee security training is also being implemented to help prevent future incidents.
DoorDash says it will notify affected users directly as investigators learn more.
Vinton Voice Will Continue to Monitor the Situation
As new details are released—including the scale of the breach and whether DoorDash will offer free identity-protection services—we will update this story on VintonVoice.com.