DoorDash breach exposes customer and worker contact information

DoorDash confirmed a data breach that exposed personal data of a combination of customers, delivery drivers and merchants. The stolen information included names, email addresses, phone numbers and physical addresses. The company said it has no evidence of fraud related to the breach so far, but the event still raises concerns for anyone using the service.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

How the DoorDash breach occurred

The company attributed the incident to a social engineering attack. One employee fell for a honeypot that gave hackers access to DoorDash systems. Once the company detected the breach, it closed access, launched an investigation, and notified authorities. DoorDash also notified users directly when necessary.

Who was affected by the DoorDash breach?

DoorDash said the breach affected a mix of users on its platform. That includes customers, delivery people and merchants. CyberGuy reached out to DoorDash and a representative provided us with the following statement:

“DoorDash recently identified and closed a cybersecurity incident in which an unauthorized third party gained access to and took basic contact information from some users whose data DoorDash maintains. No sensitive information was accessed, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or banking or payment card information. The information accessed varied by individual and was limited to names, phone numbers, email addresses, and physical addresses. We implemented security measures. enhanced, we implemented additional employee training and hired a third-party cybersecurity company to support our ongoing investigation. For more information, visit our Help Center.

LOOKING FOR A CHEAP CHEESE BURGER? 10 AMERICAN CITIES THAT OFFER THE BEST FOOD DEALS

If you received an alert from the company, take steps to protect your information. If you use the app but didn’t receive a notice, you should still follow the security tips below because exposed contact information can lead to scams long after a breach.

How to Protect Yourself After the DoorDash Breach

Although payment details remain protected, exposed contact details can still open the door to scams. You can reduce your risk with some smart measures that keep your information safer online.

1) Be alert for phishing attempts

Scammers act quickly after a breach. They often send fake alerts that look like real DoorDash messages. These emails or text messages may indicate that you need to verify your account or update your payment details. Delete any messages that ask for personal information or prompt you to click a link. When in doubt, go directly to the official app instead of relying on a message.

2) Use a data removal service

Data brokers collect and resell personal data that is often exploited by scammers. A data removal service works to extract your information from those sites. This limits your exposure and makes it harder for criminals to target you. It’s one of the easiest long-term steps you can take to protect your privacy.

IS YOUR PHONE HACKED? HOW TO COUNT AND WHAT TO DO

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

3) Use strong passwords and a password manager

Stronger passwords give you better protection. Create unique passwords for each account so a breach can’t unlock your digital life. A password manager makes this easy by generating strong passwords and storing them securely. It also completes them automatically, so you spend less time typing.

Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

4) Activate multi-factor authentication

Multi-factor authentication (MFA) adds a simple barrier that blocks most theft attempts. When you turn it on, you confirm each login with a code or application message. This keeps your account secure even if someone finds out your password. Most major apps allow you to enable this setting in the Security section.

5) Use powerful antivirus protection

Powerful antivirus software protects you from malicious downloads and links. It scans files in real time and warns you when something looks dangerous. This gives you an extra layer of defense against phishing attempts that attempt to install malware.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com

6) Review your account activity

It’s helpful to check your DoorDash account for anything unusual. View your order history, saved addresses and payment methods. If something seems wrong, update your password and contact DoorDash support immediately. Quick action can prevent a small problem from becoming a bigger problem.

Kurt’s Key Takeaways

A breach like this reminds us how quickly cybercriminals can take advantage of a single mistake. DoorDash acted quickly to cut off access and confirm the damage, but exposed contact information can still create risks. Staying alert and using basic safety habits can help you avoid problems.

CLICK HERE TO GET THE News APP

What worries you most about companies storing your personal information and how would you like them to handle incidents like this? Let us know by writing to us at Cyberguy.com

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.