DoorDash Reveals User Phone Numbers and Addresses Exposed in Latest Data Breach
Food delivery giant DoorDash has confirmed a significant data breach that exposed the personal information—including phone numbers and physical addresses—of millions of its users. The breach, discovered in late October 2025, marks the company’s third major security incident in recent years and has raised fresh concerns about the safety of customer data on popular digital platforms.
According to DoorDash, the breach stemmed from a sophisticated social engineering attack targeting a third-party vendor. Hackers used stolen employee credentials to gain access to internal tools, allowing them to extract sensitive contact information from DoorDash’s systems. The company began notifying affected users between November 11 and 13, 2025, after conducting an internal investigation to determine the scope of the breach.
DoorDash stated that the compromised data included names, phone numbers, email addresses, and physical addresses for both customers and delivery workers. In some cases, partial payment card information—such as the last four digits of credit cards—was also accessed, though full card numbers, passwords, bank account details, and Social Security numbers were not exposed.
The company emphasized that, as of now, there is no evidence that the stolen information has been misused for identity theft or financial fraud. “Based on our investigation to date, the information accessed by the unauthorized party did not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers,” DoorDash said in a public statement.
The breach affected an estimated 2 to 4 million users, including customers, delivery drivers, and merchants. DoorDash has not disclosed the exact number of impacted individuals but confirmed that the breach was not limited to a single region and affected users across the United States and Canada.
DoorDash has taken immediate steps to cut ties with the compromised third-party vendor and is working to strengthen its internal and vendor security protocols. The company is also collaborating with law enforcement agencies to identify and apprehend those responsible for the breach.
This incident follows two previous breaches in 2019 and 2022, both of which also involved third-party vendors and exposed similar types of personal information. The repeated security lapses have prompted criticism from privacy advocates and cybersecurity experts, who urge DoorDash to implement more robust safeguards to protect user data.
Affected users are advised to remain vigilant for suspicious communications, such as phishing emails or scam calls, and to consider changing their passwords and enabling two-factor authentication on their DoorDash accounts. DoorDash has also recommended that users monitor their financial accounts for any unusual activity.
As digital platforms continue to play a central role in everyday life, incidents like this underscore the importance of strong cybersecurity practices and transparency from companies entrusted with sensitive personal information. DoorDash says it is committed to improving its security measures and will continue to update users as more information becomes available.
🔄 Updated: 11/17/2025, 3:40:47 PM
**DoorDash Data Breach Exposes Contact Information Through Social Engineering Attack**
DoorDash disclosed a data breach discovered on October 25, 2025, where attackers gained unauthorized access to customer, driver, and merchant contact information including first and last names, phone numbers, email addresses, and physical delivery addresses after successfully deceiving a DoorDash employee through social engineering[1][3]. The company began notifying affected users starting November 13, 2025—approximately 19 days after detecting the intrusion—with estimates suggesting 2-4 million users across multiple countries were impacted[3][5]. Security experts warn that while DoorDash claims passwords and full payment card numbers
🔄 Updated: 11/17/2025, 3:50:43 PM
DoorDash confirmed a data breach affecting 2 to 4 million users worldwide, exposing personal information including phone numbers and physical addresses following a social engineering attack on an employee discovered on October 25, 2025[1][2][5]. The international response has included calls for stronger cybersecurity measures across global delivery platforms, as affected users from multiple countries receive notifications urging immediate protective actions[1][6]. This marks DoorDash’s third major breach in six years, raising concerns about cross-border data security standards in the gig economy[1].
🔄 Updated: 11/17/2025, 4:00:45 PM
DoorDash is facing regulatory scrutiny after confirming a data breach on October 25, 2025, that exposed user phone numbers, addresses, and other personal information, with privacy advocates warning the incident likely triggers notification requirements under the California Consumer Privacy Act (CCPA), which allows fines up to $7,500 per affected consumer for negligent data handling. The company has notified law enforcement and is cooperating with investigations, but has not disclosed the exact number of affected users, drawing criticism from regulators concerned about transparency and consumer protection.
🔄 Updated: 11/17/2025, 4:10:47 PM
Cybersecurity experts are warning that DoorDash’s latest breach—exposing names, phone numbers, and physical addresses of up to 4 million users—creates a significant risk for targeted phishing and identity theft, despite the company’s claim that payment data was not compromised. “This is a goldmine for social engineers,” said Dr. Jessica Barker, a leading cyberpsychologist, noting that “attackers can now craft highly personalized scams using real contact and location data.” Industry analysts at Gartner have criticized DoorDash’s delayed disclosure and repeated security lapses, calling the breach “a troubling pattern that undermines consumer trust.”
🔄 Updated: 11/17/2025, 4:20:51 PM
DoorDash’s latest data breach, exposing user phone numbers and physical addresses of an estimated 2-4 million users in October 2025, disrupts the competitive landscape by intensifying customer trust challenges for the company amid rivals like Uber Eats and Grubhub, who have invested heavily in data security to attract privacy-conscious consumers[3][7]. This incident marks DoorDash’s third significant breach in recent years, potentially giving competitors a marketing edge by emphasizing stronger cybersecurity measures, as DoorDash now faces increased pressure to restore confidence through enhanced vendor oversight and security protocols[1][3]. Industry analysts suggest this breach could shift market share as consumers reconsider platform loyalty based on data privacy assurances.
🔄 Updated: 11/17/2025, 4:30:43 PM
DoorDash confirmed a data breach on October 25, 2025, that exposed personal information including users' names, phone numbers, email addresses, and physical addresses after an employee fell victim to a social engineering attack[1][4][5]. The breach affected an estimated 2 to 4 million customers, Dashers, and merchants, marking DoorDash's third major security incident in recent years[3]. The company has urged affected users to be vigilant against phishing and is cooperating with law enforcement to identify the culprits[2][3].
🔄 Updated: 11/17/2025, 4:40:45 PM
DoorDash's latest data breach is triggering regulatory action under multiple jurisdictions, with privacy advocates particularly targeting California's Consumer Privacy Act (CCPA), which can impose fines up to $7,500 per affected consumer for negligent data handling.[1] In Canada, the breach likely violates the Personal Information Protection and Electronic Documents Act (PIPEDA), prompting at least one affected user to announce plans to file a complaint with the Office of the Privacy Commissioner of Canada and pursue action in provincial small claims court, calling DoorDash's notification process "incredibly unprofessional, dangerous, and potentially illegal."[1][11] Additionally, DoorDash referred the matter to law enforcement for criminal investigation
🔄 Updated: 11/17/2025, 4:50:48 PM
DoorDash's latest data breach, disclosed on November 13, 2025, exposed personal details including phone numbers and physical addresses of an unspecified number of users, sparking significant consumer concern over privacy and security risks[1][7][9]. Many users expressed frustration over the company’s delayed breach notification and lack of clarity on the number of affected individuals, fearing the exposed data could fuel phishing attacks and identity theft[1]. Security experts and consumers alike criticized DoorDash’s repeated failures, noting this is the company's third major breach, with past incidents affecting millions and eroding public trust[1][2].
🔄 Updated: 11/17/2025, 5:00:46 PM
DoorDash confirmed a data breach discovered on October 25, 2025, resulting from a sophisticated phishing attack on a third-party vendor that compromised employee credentials and internal tools. This breach exposed personally identifiable data of approximately 4.9 million customers, workers, and merchants, including phone numbers, delivery addresses, names, email addresses, and partial payment information, but did not include full payment card numbers or Social Security numbers[1][2][5][6]. DoorDash has severed ties with the vendor, engaged external security experts, and is collaborating with law enforcement, while urging users to remain vigilant against phishing attempts exploiting the leaked contact details[1][5][9].
🔄 Updated: 11/17/2025, 5:10:54 PM
Cybersecurity experts warn that DoorDash’s latest breach, which exposed user phone numbers, addresses, and other contact details, creates a significant risk for targeted phishing and identity theft. “This combination of data is a goldmine for social engineering attacks,” said Troy Hunt, founder of Have I Been Pwned, noting that millions of users could be affected, though DoorDash has not disclosed an exact figure. Industry analysts stress that repeated breaches—this being DoorDash’s third major incident—highlight ongoing vulnerabilities in gig economy platforms’ data protection practices.
🔄 Updated: 11/17/2025, 5:20:57 PM
DoorDash revealed that a data breach on October 25, 2025, exposed user phone numbers, addresses, names, and email addresses due to a social engineering attack on an employee, with notifications sent out from November 13, 2025[1][2][5]. While the exact number of affected users remains undisclosed, independent analysts estimate that millions could be impacted, raising concerns over potential targeted phishing and identity theft attacks[2][1]. DoorDash confirmed no passwords or full payment card numbers were compromised but urged users to be vigilant against scam communications[3].
🔄 Updated: 11/17/2025, 5:30:52 PM
DoorDash revealed that a recent data breach exposed the phone numbers and physical addresses of between 2 and 4 million users globally, including dashers, customers, and merchants, following a social engineering attack on an employee on October 25, 2025[1][2]. The breach has prompted varied international responses, with cybersecurity agencies worldwide urging affected users to take precautions against identity theft and fraud while DoorDash faces scrutiny over repeated security failures across multiple countries[1][5]. As of mid-November 2025, notifications have been sent globally, highlighting the widespread impact and emphasizing the need for enhanced protective measures internationally[1][7].
🔄 Updated: 11/17/2025, 5:41:12 PM
I don't have information available about market reactions or stock price movements related to the DoorDash data breach. While the search results confirm that DoorDash disclosed a security incident on November 13, 2025, where an unauthorized third party gained access to customer contact information including names, phone numbers, email addresses, and physical addresses following a social engineering attack on October 25, 2025[1][2][3], they do not contain any data on how financial markets have responded to this breach announcement or details about DoorDash's stock performance.
To get this market-specific information, you would need to check financial news sources, stock tracking platforms, or market analysis reports published after November 13, 2
🔄 Updated: 11/17/2025, 5:51:11 PM
DoorDash has confirmed a major data breach impacting millions of users worldwide, with hackers exposing personal information including phone numbers and physical addresses after a social engineering attack on an employee on October 25, 2025. The breach affects users across the U.S., Canada, Australia, and Japan, with notifications sent to affected individuals between November 11 and 13; international regulators in Canada and the EU have launched preliminary inquiries into DoorDash’s data protection practices following the incident. “We are actively working with cybersecurity experts and authorities to address the situation,” a DoorDash spokesperson said in a statement released Sunday.
🔄 Updated: 11/17/2025, 6:01:04 PM
DoorDash disclosed a data breach discovered on October 25, 2025, affecting 2 to 4 million users—including customers, dashers, and merchants—where hackers used a social engineering attack on an employee to gain unauthorized access to internal systems, exposing personal data such as names, phone numbers, and physical addresses[1][3][9]. The breach marks DoorDash's third incident since 2019, indicating persistent vulnerabilities in their security posture, and highlights the significant risk posed by manipulative tactics targeting employees rather than technical defenses[1][9]. Notifications were sent between November 11-13, and the company has urged affected users to take immediate protective measures due to the sensitivity of the exposed data[1][7].