DoorDash has confirmed a new data breach after an unauthorized party accessed user information in October 2025. The company began notifying affected customers, Dashers, and merchants across the U.S., Canada, Australia, and New Zealand.
Below is a clear breakdown of what was leaked, how worried you should be if you're affected, and the steps you need to take next.
1. What Data Points Were Leaked?
According to DoorDash’s incident notice, an unauthorized actor gained access to certain contact and personal details. While the exact data varied by individual, the following information may have been exposed:
- Full name
- Physical address
- Phone number
- Email address
DoorDash confirmed that this information was indeed accessed by the intruder.
The breach was traced back to a social engineering attack targeting a DoorDash employee. Once the company realized what happened, it cut off the unauthorized access, launched an internal investigation, and notified law enforcement.
Although DoorDash has not disclosed how many people were impacted, the incident affected a mix of customers, Dashers, and merchants. This is DoorDash’s third major security incident, following previous breaches in 2019 and 2022.
Notably, some email notices also included a French translation, suggesting heavy impact among Canadian users. However, a related advisory on DoorDash’s website references U.S.-specific data types—indicating the incident may extend beyond Canada, even though Social Security Numbers and Social Insurance Numbers were not accessed.
2. Should You Be Worried?
If your data was part of this breach, here’s what it means for you:
Moderate to High Risk of Targeted Scams
While the breach did not include passwords or financial data, the exposed contact information is highly valuable for attackers. This type of data is commonly used for:
- Phishing attacks
- Impersonation scams
- Fraudulent DoorDash-themed messages
- Social engineering attempts targeting your other accounts
Users have already expressed concern online, especially about the 19-day delay in notifying people, which may have increased risk exposure.
Long-Term Exposure
Names, addresses, phone numbers, and emails are long-lasting identifiers. Once leaked, these details can circulate in dark web databases for years, making future scams more likely.
Regulatory Concerns
Some Canadian users have raised legal questions about the delay in notification, stating it may violate local breach-disclosure laws.
In short:
Yes, you should take this breach seriously. Even without financial data involved, this type of personal information can be weaponized against you.
3. What Should Be Your Next Steps?
If you received a notification from DoorDash—or even if you simply have an account—take the following precautions immediately:
1. Watch for Phishing Attempts
Expect an increase in emails or texts pretending to be from DoorDash.
- Don’t click suspicious links.
- Don’t download attachments.
- Don’t enter login or payment details on unfamiliar sites.
DoorDash has specifically warned users to stay cautious.
2. Secure Your DoorDash and Related Accounts
Even though passwords weren’t leaked:
- Change your DoorDash password.
- Enable two-factor authentication everywhere possible.
- Make sure you’re not using the same password across other platforms.
Breach-linked phishing campaigns often aim to obtain login credentials after the fact.
3. Monitor Financial and Delivery Accounts
While payment data wasn't accessed, attackers often use leaked contact info to attempt:
- Account takeovers
- Fake refund scams
- Fraudulent order attempts
Review your recent activity across payment apps and delivery platforms.
4. Reduce Your Exposure Going Forward
Proactive privacy steps can help limit damage from future incidents:
- Use email masking or forwarding tools for online accounts.
- Avoid using your primary phone number for non-essential signups.
- Remove your information from data broker sites if possible.
5. Contact DoorDash for Support
DoorDash has set up a support line for affected users:
📞 Toll-free number: +1-833-918-8030
Reference code: B155060
If you want clarification about whether your region or account was affected, this is the official channel.



