DoorDash has disclosed a recent cybersecurity incident involving unauthorized access to certain user data following a social engineering attack targeting one of its employees.
According to Doordas, they quickly identified the issue, cut off the unauthorized access, and began an review with support from external security experts and authorities. The information accessed was limited to basic contact details, which may include a user’s name, phone number, email address, and physical address. They emphasized that no sensitive or financial data—such as Social Security numbers, government IDs, bank information, or payment card numbers—was compromised and have no evidence of any misuse of the affected data.
The incident impacted a mix of DoorDash consumers, Dashers, and merchants. Users of Wolt and Deliveroo were not affected. DoorDash has notified impacted individuals were notified and a dedicated hotline set up for questions. The’ve also advised users to remain cautios of unexpected communications including emails, texts, or calls, an important best practice whenever contact data may have been exposed.
To prevent similar incidents, the company has implemented enhanced security controls, expanded employee training around social engineering threats, and added monitoring capabilities designed to detect malicious activity more quickly.
To learn more about the security incident, progress and support information, visit DoorDash’s announcement here.
Leave a Reply