DoorDash Confirms Data Breach: What Was (And Wasn’t) Stolen
Dedy Pramu / Shutterstock
Toggle Dark Mode
If you’re a DoorDash customer, you’ll want to be on your guard against potential phishing attacks in the aftermath of a new security incident, as the company just announced that it’s been hit with a data breach. While no sensitive information, such as Social Security numbers or payment card details, was disclosed, hackers did get access to the personal data of some of its customers, including names, email addresses, physical postal addresses, and phone numbers. The incident also impacted some Dashers and merchants.
Our team recently identified and shut down a cybersecurity incident that involved an unauthorized third party gaining access to and taking certain user information.
Importantly, no sensitive information was accessed by the unauthorized third party and we have no indication the data has been misused for fraud or identity theft at this time.
Still, the leaked contact information could be used by bad actors to trick users into providing additional information through phishing attacks and other scams.
While the food delivery service didn’t identify the users whose data was stolen in connection with this incident, it stated that it has implemented several security safeguards and reported the attack to law enforcement officials. The company also brought in an external firm to assist with the investigation and provide specialized support.
DoorDash says the data breach came via a social engineering attack targeting a company employee. While it may be a case of closing the barn door after the horse has escaped, the company has put in place additional training for its employees to heighten their awareness of such social engineering schemes.
While DoorDash says it has directly notified affected users “where required,” and published information about the incident on its website, you can contact the company if you’re concerned that your data may have been included in the data breach.
DoorDash has provided two toll-free phone numbers for contacting a dedicated call center, available in English and French: +1-833-918-8030 (toll-free) for the US and Canada, and +1-214-393-3293 for international callers. Operators are available Monday to Friday, 6am-8pm PST, and weekends, 8am-5pm PST. Please use reference code B155060 when calling.
There has been a rash of similar data breaches over the last few years, and as in this one, customers are often left wondering whether their information was included in the breach. When companies use vague terms such as “some customers,” it only raises concerns and suspicions among customers and partners that perhaps the affected organizations have been less than upfront about the damage caused by the breach. Only time will tell just how damaging this breach is.
Customers who fear their data may have been compromised should contact DoorDash to determine their level of exposure. This is also a good reminder to stay alert. Never click on a link in a text message or email unless you are expecting it. If at all possible, log in to the company’s website by manually entering the URL rather than clicking a link sent to you.
