On October 25, 2025, DoorDash revealed a data breach caused by an employee falling victim to social engineering. This incident led to the exposure of personal information like names, phone numbers, and addresses, triggering customer outrage over breach notification delays. The company informed law enforcement and took steps to enhance its security protocols.
Customer dissatisfaction stemmed from the gap between discovering the breach and notifying users, leaving nearly three weeks without communication. Although DoorDash claimed that no sensitive information, such as Social Security numbers, was accessed, many felt that the exposed data was significant. One affected Canadian user indicated intentions to file a legal complaint against DoorDash for failing to comply with local breach notification laws.
Further complicating matters, DoorDash is also dealing with another issue involving an email spoofing flaw discovered on its DoorDash for Business platform. Despite reports to its bug bounty program, the flaw remained unaddressed until recently. Customers are advised to take precautions, including using credit monitoring services, to safeguard their personal information from such breaches.
👉 Pročitaj original: Malware Bytes
