DoorDash data breach leaves important customer details exposed

A sophisticated phishing attack has left customers' personal information and partial payment information exposed to hackers.
By Chance Townsend  on 
 Doordash Inc. application is displayed in the App Store on a smartphone
DoorDash is one of many companies caught up in a recent string of hacks. Credit: Bloomberg via Getty

Food delivery giant DoorDash has confirmed a data breach that has left customers' personal information exposed to hackers, the company announced in a statement Wednesday.

DoorDash stated that an "undisclosed number of customers had their names, email addresses, delivery addresses, phone numbers, and partial payment card numbers" stolen. For drivers with the company, hackers were able to access names, phone numbers, and email address information.

In its statement, DoorDash explained that the breach was the result of a third-party vendor that was hacked through a sophisticated phishing campaign. Employees of the vendor had credentials that were stolen that were then used to access DoorDash's internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering “unusual and suspicious” activity.

DoorDash did not state any timeline of discovery of the breach. A spokesperson with DoorDash told TechCrunch that the company took time to "fully investigate what happened, which users were impacted and how they were impacted” before disclosing the data breach."

According to TechCrunch, DoorDash did not name the third-party vendor but did confirm the company was reached by the same bad actors that compromised SMS communication company Twilio earlier this month. Other companies affected by the Twilio hack include the authentication service Okta; messaging platform Signal; and password manager LastPass. The CEO of LastPass Karim Toubba confirmed in a letter that hackers stole source code and proprietary information but found "no evidence the incident exposed any customer data or passwords."

A Twilio spokesperson confirmed in an email to Mashable that it was not the third-party vendor responsible for the DoorDash breach.

DoorDash confirmed in its statement that information like passwords, full payment card numbers, bank account numbers, or Social Security or Social Insurance numbers were not accessed. Furthermore, the company told TechCrunch that it's hired an unnamed cybersecurity expert to help investigate the compromise and further strengthen the company's security systems.

"We value the trust we’ve built with each and every member of the DoorDash community and protecting our platform and your personal information is a top priority for DoorDash," the company's statement read. "We sincerely regret that this attack occurred."

Previously in 2019, hackers stole customer data from DoorDash, resulting in 4.9 million customers, drivers, and merchants having their information compromised. The company also blamed the attack on an unnamed third-party vendor.

UPDATE: Aug. 28, 2022, 7:15 p.m. CDT This article was updated to clarify that the Twilio hack was not responsible for the DoorDash breach.

Topics Cybersecurity

Headshot of a Black man
Chance Townsend
Assistant Editor, General Assignments

Currently residing in Austin, Texas, Chance Townsend is an Assistant Editor at Mashable. He has a Master's in Journalism from the University of North Texas with the bulk of his research primarily focused on online communities, dating apps, and professional wrestling.

In his free time, he's an avid cook, loves to sleep, and "enjoys" watching the Lions and Pistons break his heart on a weekly basis. If you have any stories or recipes that might be of interest you can reach him by email at [email protected].


Recommended For You
Emotional support platform 7 Cups beset by trolls
A computer screen with trolling activity happening.

Talking to someone online for emotional support may be riskier than you realize
Speech bubbles colored red and blue float next to each other.

The great Pornhub blackout may soon come for horny Floridians
The Pornhub logo is displayed on a smartphone screen.

Hackers cause EA to postpone Apex Legends pro gamer tournament
Apex Legends

Teens who talk about their mental health on this app may be taking a big risk
A group of people standing at a distance from each other.

Trending on Mashable
NYT Connections today: See hints and answers for March 28
A phone displaying the New York Times game 'Connections.'

Wordle today: Here's the answer and hints for March 28
a phone displaying Wordle

NYT's The Mini crossword answers for March 28
Closeup view of crossword puzzle clues


NYT Connections today: See hints and answers for March 27
A phone displaying the New York Times game 'Connections.'
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!