Skip to main content

Delivery service DoorDash has revealed it was the victim of a social engineering attack. During the breach, hackers targeted and tricked a DoorDash employee stole personal information belonging to customers, drivers, and merchants.

The security incident occurred on October 25, according to DoorDash. On November 13, the company began notifying its users of the breach.

“A DoorDash employee was recently targeted in a social engineering scam,” the company wrote in a statement published on its website. “The response team identified the incident, shut down the unauthorized party’s access, started an investigation, and referred the matter to law enforcement.”

A company investigation determined “some users whose data is maintained by DoorDash were affected in connection with this incident.”

What data did the DoorDash hackers steal?

Personal information accessed by the hacker “may have included” first and last names, phone numbers, email addresses, and physical addresses.

“No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed,” DoorDash reassured. Apparently, names, phone numbers, email addresses, and physical addresses are not considered to be “sensitive information” by DoorDash.

The company, however, did not reveal the number of affected users or where they are located. They stated they were contacting affected users via email.

What is DoorDash doing to prevent this from happening… again?

In 2019, personal information of approximately 4.9 million DoorDash customers, drivers, and merchants was exposed during a data breach.

In 2022, a third-party vendor used by DoorDash was targeted in a phishing attack. The names, email addresses, phone numbers, and addresses of an undisclosed number of DoorDash users were exposed.

In an effort to prevent this from happening for a fourth time, the company will implement new safety measures. They will be deploying “new enhancements” to their security systems. Additional training will be given to employees about various social engineering scams. And finally, an external firm is being brought in to assist in their investigation and provide specialized support.

Related

Will Ford, GM, and BMW’s Car-Sharing Projects Defeat Uber and Lyft?

Best in News
MotorBiscuit Senior Editor

Doug Sheckler

Doug Sheckler is a Senior Editor at MotorBiscuit and BroBible. He began his professional career working for an auto racing sanctioning body, and subsequently founded his own racing series, which remains in operation today. He has since spent the better part of two decades creating, editing, and writing for a variety of websites.

These days, he has a special affinity for hypercars and other exotic vehicles that he will never own. He also enjoys delving into stories about the world of criminals, the more foolish and/or clever the better, and is always up for a good conspiracy theory. He earned a Bachelor’s Degree in Marketing from the University of Iowa.

Want more news like this? Add MotorBiscuit as a preferred source on Google!
Preferred sources are prioritized in Top Stories, ensuring you never miss any of our editorial team's hard work.
Add as preferred source on Google