Latest Doordash Hit By Yet Another Data Breach This October 2025

DoorDash has disclosed a data breach that hit the food delivery platform this October.

Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly disclosed security incident.

"On October 25, 2025, our team identified a cybersecurity incident that involved an unauthorized third party gaining access to and taking certain user contact information, which varied by individual," states the email notification from DoorDash.

"Our investigation has since confirmed that your personal information was affected."

The incident has been traced to a DoorDash employee falling victim to a social engineering scam. Upon becoming aware, the company's incident response team shut down the unauthorized party's access, started an investigation, and referred the matter to law enforcement.

This marks the third notable security incident suffered by the delivery giant.

In 2019, a data breach at DoorDash had exposed the information of roughly 5 million customers, Dashers and merchants to an unauthorized party.

In August 2022, DoorDash suffered another data breach from the threat actors who had also attacked Twilio that year.

What's interesting is that a French translation of the notice is appended to these emails:

At this time, it appears that the emails primarily went to DoorDash Canada users (including myself). We are yet to confirm if the breach also impacts users based in the US and other regions where DoorDash operates.

Source: BleepingComputer