DoorDash data breach exposes customer details
The security incident follows a phishing attack that compromised a third-party vendor’s computer network
American food delivery giant DoorDash has confirmed it was hit by a data breach, after discovering suspicious activity from a third-party vendor’s network.
Per reports, the modus operandi was a sophisticated phishing campaign. Perpetrators leveraged vendor's stolen network credentials to gain access to DoorDash’s internal tools, the company stated.
RELATED RESOURCE
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymore
Following a preliminary investigation, the firm confirmed certain personal information of customers has been exposed. However, DoorDash affirms, as of now, customers’ personal information has not been abused for fraud or identity theft.
Name, email address, delivery address, and phone numbers are among the personally identifiable information disclosed. Basic order information and partial payment card information of select customers were also exposed.
DoorDash confirmed the data breach does not include passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers.
To thwart further activities by perpetrators, DoorDash temporarily disabled the vendor’s access to its system. The firm also concluded the attack is tied to a wider phishing campaign that has targeted several other companies.
“While the incident was the result of a phishing attack targeted at a third party, we took action to further enhance DoorDash’s already robust security systems, as well as our third-party vendor’s security systems,” said DoorDash.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
“We have also shared security alerts with other third-party vendors detailing the specific tactics used and reminded employees and third-party vendors to be on alert for any suspicious activity.”
-
Zoom exec on making sure we lead the change we want to seeIn-deoth “Some people think diversity is the responsibility of people and HR teams. And it's not.”
-
Opera browser thinks it has the solution to stopping ClickFix malware attacksNews The browser company is targeting a growing source of malicious links with its new Paste Protect feature