DoorDash has revealed a data breach that took place in October 2025, affecting a number of its users across the United States, Canada, Australia, and New Zealand.
The company began notifying affected users through email starting November 13, 2025, after discovering the security incident on October 25.
The breach occurred when a DoorDash employee fell victim to a social engineering scam, allowing an unauthorized third party to access some user contact information. The personal details that may have been exposed include names, email addresses, phone numbers, and physical addresses. DoorDash confirmed that these details were accessed, though financial information, passwords, and Social Security Numbers were not affected.
This security incident appears to have impacted a mix of consumers, Dashers, and merchants. The company acted quickly to block the intruder, launched a full investigation, involved law enforcement, and brought in a leading cybersecurity firm to assist with the inquiry. DoorDash has also updated its security systems and provided additional training for employees to prevent future incidents.
Some users have criticized DoorDash for waiting 19 days to notify them about the breach, arguing that personal information such as phone numbers and addresses is sensitive and should be treated seriously. The company has advised users to be cautious about unsolicited emails, avoid clicking on suspicious links, and not share personal information with unknown websites.
This marks the third major security incident for DoorDash. In 2019, a breach exposed information for about 5 million users, and in 2022, the company was affected by a breach linked to the Twilio cyberattack.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Users who have questions about the incident can call DoorDash’s toll-free number at +1-833-918-8030 and reference code B155060 for further support.





