DoorDash user contact information leak
Data Leak
Summary
Hide ▲
Show ▼
DoorDash disclosed that user contact information was taken in an unauthorized access incident identified on October 25, 2025, creating a risk of phishing and account-focused abuse. The affected data may have included names, physical addresses, phone numbers, and email addresses for some users. DoorDash traced the access to a social engineering scam against an employee, shut down the unauthorized access, and notified law enforcement.
Related Happenings
DoorDash Business stored HTML injection email spoofing security flaw
Vulnerability
First: 17.11.2025 18:32
Last: 17.11.2025 18:32
Sources 1
About this happening:
A **DoorDash for Business** stored HTML injection flaw let attackers send **official-branded emails** from **[email protected]**, creating a near-perfect phishing channel. The...
DoorDash Business stored HTML injection email spoofing security flaw
VulnerabilityAbout this happening: A **DoorDash for Business** stored HTML injection flaw let attackers send **official-branded emails** from **[email protected]**, creating a near-perfect phishing channel. The...
DoorDash hit by network compromise
Incident
First: 14.11.2025 06:38
Last: 14.11.2025 06:38
Sources 1
About this happening:
DoorDash disclosed a **cybersecurity incident** that exposed **user contact information** after an **unauthorized third party** gained access to account-linked data. The affected...
DoorDash hit by network compromise
IncidentAbout this happening: DoorDash disclosed a **cybersecurity incident** that exposed **user contact information** after an **unauthorized third party** gained access to account-linked data. The affected...
Timeline
-
14.11.2025 06:38 1 articles · 6mo ago
DoorDash identifies unauthorized access to user contact information
Exploitation ObservedDoorDash identified a cybersecurity incident on October 25, 2025 after an unauthorized third party gained access to and took certain user contact information following a social engineering scam against an employee.
Show sources
- DoorDash hit by new data breach in October exposing user information — www.bleepingcomputer.com — 14.11.2025 06:38
-
14.11.2025 06:38 2 articles · 6mo ago
DoorDash begins notifying impacted users and confirming personal information was affected
Initial DisclosureDoorDash began emailing impacted users on November 14, 2025, confirmed that personal information was affected, and said it had shut down the unauthorized party's access, opened an investigation, brought in a cybersecurity forensic firm, and notified law enforcement.
Show sources
- DoorDash hit by new data breach in October exposing user information — www.bleepingcomputer.com — 14.11.2025 06:38
- DoorDash hit by new data breach in October exposing user information — www.bleepingcomputer.com — 14.11.2025 06:38