The food delivery app DoorDash has disclosed to customers that it suffered a data breach in October. According to reporting from BleepingComputer, the company has emailed customers alerting them to the October 25th, 2025 incident where an unauthorized third party gained access to systems and took certain user contact information, which varied by individual.
The DoorDash disclosure email states that the personal information exposed includes:
- First and last name
- Physical address
- Phone number
- Email address
The company said that the breach has been traced to a social engineering scam that tricked an employee into giving access to a threat actor who then breached the systems. When the company became aware of the issue, the incident response team shut down the access, started an investigation and alerted law enforcement.
Though the data breach disclosure letter does not detail how many DoorDash users were affected, it does state that a mix of consumers, Dashers and merchants were involved so a considerable number of people could be affected. In 2023, DoorDash had roughly 7 million people working as delivery contractors, and the 2024 numbers showed nearly 600,000 merchants partnered with DoorDash and 42 million active users.
This is, unfortunately, the third data breach that the company has suffered with the previous two being in 2019 and 2022. The 2019 breach exposed the information of 5 million customers, Dashers and merchants to an unauthorized person, while the 2022 breach was part of the same attack that involved Twilio that same year.
How to stay safe after a data breach
You'll want to make sure to change the passwords to your DoorDash account (and probably any related banking or payment accounts). Make sure to choose strong, unique passwords for each of your accounts, and if you don't already use one, consider putting a password manager in place to handle them all for you.
Also, enable two-factor authentication or multi-factor authentication wherever you can, as this extra layer of security can often be the last obstacle before a hacker takes over your account. One of the main risks after a data breach is phishing attacks, which may look like they come from a legitimate retailer or website. So one of the things to stay on alert for is emails or texts that appear like they come from DoorDash.
You may see phishing emails which claim there is an order confirmation for something you didn’t buy. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages you weren't expecting. If you receive any of these, delete them and log into your account manually to check.
Lastly, if you haven't already, set up identity theft monitoring and services with one of the best identity theft protection services. Having one in place in advance can help protect you by providing you with an alert if anything suspicious happens with your financial accounts and most importantly, your sensitive personal information.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
