Is it because it’s too classified, confidential, or controversial? DoorDash has admitted there was a huge data breach that happened with its systems last October, with user information getting leaked. That was over a month ago. Why only revealed now?
October 25th
An email notification was recently sent to DoorDash customers saying, "On October 25, 2025, our team identified a cybersecurity incident that involved an unauthorized third party gaining access to and taking certain user contact information, which varied by individual.”
According to news reports, some of the information that may have leaked included the customers’ first and last name, physical address, phone number, and email address. Oh, no!
However, DoorDash has also stated it is already investigating the matter after confirming that those data have been leaked. But still, too late.
This isn’t the first time that a food delivery app fell prey to a data breach. Several months ago, this year, an unidentified hacker reportedly gained access to names and contact information on Grubhub’s customer support system. Grubhub is also one of the most popular food delivery apps in the USA and across the globe.
But, with the DoorDash data breach incident, ridesharing media stated it was traced to a DoorDash employee falling victim to a “social engineering scam.” Social engineering is a psychological manipulation tactic used to trick people into divulging confidential information, granting unauthorized access, or performing actions that compromise security.
Upon becoming aware of this massive manipulation, DoorDash’s response team shut down the unauthorized party’s access, passed this on to law enforcement agencies, and started their own investigation.
There is no official information released on how many users were affected, though the company stated the incident impacted several consumers, Dashers, and merchants.
This is reportedly the third time a security incident has affected DoorDash.
Interesting
But that’s just the tip of the iceberg. An eerie email in French sent to DoorDash Canada users was being looked at by the investigation.
An undated security advisory posted on the official website of DoorDash suggests the incident went beyond just Canada. It has references to data types particular in the USA, such as Social Security Numbers, but DoorDash clarified went not accessed. What, really?
Either way, DoorDash customers were not impressed.
“DoorDash took 19 whole days to notify me of a data breach that has leaked my personal information. Thankfully, I used a fake name and a forwarded email address for my account, but my real phone number and physical address have been leaked,” wrote a DoorDash customer on X.
Others tagged in “unprofessional.”
"This is incredibly unprofessional, dangerous, and potentially illegal behaviour from DoorDash… This process violates Canadian data breach law. I’ll be filing a case against DoorDash in provincial small claims court and making a complaint to the Office of the Privacy Commissioner of Canada,” they wrote.
What do you think of this news? Sign up for that account on Ridesharing Forum to join the discussion.