
At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods. DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. Our leaders seek the truth and welcome big, hairy, audacious questions. We are grounded in our company values, and we make intentional decisions that are both logical and display empathy for our range of users—from Dashers to Merchants to Customers.

DoorDash A.I CyberSecurity Scoring

DoorDash

Company Details

Linkedin ID: doordash
Employees number: 74,124
Number of followers: 1,424,762
NAICS: 5112
Industry Type: Software Development
Homepage: careersatdoordash.com
IP Addresses: 0
Company ID: DOO_2000439
Scan Status: In-progress

DoorDash Risk Score (AI oriented): Between 550 and 599
  • Powered by our proprietary A.I. cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

DoorDash Global Score (TPRM): XXXX

DoorDash Company CyberSecurity News & History

Past Incidents: 13
Attack Types: 2

DoorDash
Breach
Severity: 50
Impact: 1
Seen: 09/2018
Rankiteo Explanation: Attack without any consequences

Description: Accounts of customers of the food delivery startup DoorDash were hacked. Dozens of people tweeted that their accounts had been improperly accessed and that fraudulent food deliveries had been charged to them. The hackers changed the accounts' email addresses. There was no data breach; the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites where the same credentials may be reused.

DoorDash
Breach
Severity: 80
Impact: 4
Seen: 08/2022
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Food delivery firm DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using credentials stolen from a third-party vendor that had access to DoorDash's systems. In response, DoorDash disabled the vendor's access and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. For a small subset of customers, the hackers also accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: DoorDash confirmed a cybersecurity incident where hackers accessed a database containing personal contact details of New York users, including full names, phone numbers, email addresses, and physical addresses. The breach originated in October when an employee fell for a **social engineering scam**, allowing unauthorized access. While DoorDash assured that no highly sensitive data (e.g., Social Security numbers, government IDs, driver’s licenses, or payment card information) was compromised, the exposed information still poses risks like phishing, identity theft, or targeted scams. The company responded by shutting down the attacker’s access, launching an investigation, involving law enforcement, and enhancing employee training to prevent future incidents. A dedicated helpline (1-833-918-8030, reference code **B155060**) was set up for affected users.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 09/2019
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, and the last four digits of the credit cards or bank accounts of consumers, Dashers, and merchants. The company notified all affected individuals through the mail.

DoorDash Inc.
Breach
Severity: 85
Impact: 4
Seen: 5/2019
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: The Washington State Office of the Attorney General reported a data breach involving DoorDash Inc. on September 26, 2019. The breach, which was discovered on September 5, 2019, resulted from unauthorized access on May 4, 2019, affecting 2,243 Washington residents and compromising user data such as names, email addresses, phone numbers, and driver's license numbers.

DoorDash, Inc.
Breach
Severity: 85
Impact: 4
Seen: 5/2019
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: DoorDash experienced a data breach affecting **4.9 million customers, drivers (Dashers), and merchants** after an attacker exploited credentials from a **third-party vendor** to gain unauthorized access. Exposed data included **names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards** for Dashers. While **no full financial details, SSNs, or government IDs were compromised**, the leaked contact information heightens risks of **targeted phishing, smishing (SMS scams), and vishing (voice fraud)**, with attackers potentially impersonating DoorDash support or merchants. The breach originated from **social engineering**, tricking an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users, though no direct fraud or identity theft has been confirmed yet. The incident underscores vulnerabilities in **supply chain attacks** and the persistent threat of human manipulation in breaches.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 6/2019
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: DoorDash, a leading food delivery platform, experienced a significant data breach in October 2025 due to a **social engineering attack** where a scammer manipulated an employee into granting unauthorized access to company systems. The breach exposed **personal information of millions of customers**, including **names, addresses, phone numbers, and email addresses**—though no financial data (e.g., credit card numbers or Social Security numbers) was compromised. The stolen data heightens risks of **spear-phishing attacks**, where scammers exploit the leaked details to craft convincing fraudulent messages, tricking victims into divulging further sensitive information or clicking malware-laden links. This marks DoorDash’s **third major breach since 2019**, raising concerns over recurring vulnerabilities in its security protocols. The company delayed notifying affected users for **19 days**, exacerbating potential fallout. While the exposed data is not highly sensitive, the scale and exploitation risk—combined with DoorDash’s history of breaches—underscore systemic weaknesses in safeguarding customer trust.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 6/2019
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In October 2025, DoorDash suffered a **sophisticated social engineering attack** where an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised **personal information**—including names, email addresses, phone numbers, and physical addresses—of an unspecified number of **customers, delivery workers (Dashers), and merchants**. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks for **phishing, identity theft, and targeted scams**. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent vulnerabilities in **employee training and third-party risk management**. The company offered **free credit monitoring** but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy’s cybersecurity, with potential **reputational damage, regulatory scrutiny, and heightened risks for affected users** (e.g., Dashers’ physical safety).

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities.

DoorDash
Vulnerability
Severity: 50
Impact: 2
Seen: 7/2023
Rankiteo Explanation: Attack limited on finance or reputation

Description: A vulnerability in **DoorDash’s systems** allowed threat actors to exploit an unpatched flaw in the **DoorDash for Business** platform, enabling them to send **fully branded, official-looking emails** from **[email protected]** by injecting arbitrary HTML into the 'Budget name' input field. This created a **highly convincing phishing channel**, as emails bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in **July 2023**, remained unpatched for **over 15 months** due to disputes over disclosure ethics and financial demands. While no **direct data breach** or **internal system access** occurred, the vulnerability posed a **significant reputational and financial risk** by facilitating **large-scale phishing attacks** targeting customers, merchants, or arbitrary recipients. The company eventually patched the issue in **November 2024** after public pressure, but the researcher was banned from DoorDash’s bug bounty program amid accusations of extortion. The incident highlights tensions between **responsible disclosure** and **corporate response protocols** in cybersecurity.

DoorDash
Breach
Severity: 60
Impact: 3
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: DoorDash disclosed a **cybersecurity incident** on **November 13**, confirming a **data breach** caused by a **social engineering attack** targeting an employee on **October 25**. The unauthorized access exposed **personal information** of certain users, including **Dashers and merchants**, such as **names, email addresses, phone numbers, and physical addresses**. While DoorDash stated that **no sensitive data (payment details, government IDs, or Social Security numbers)** was compromised and no evidence of misuse (fraud/identity theft) was found, the breach sparked **public backlash** for downplaying the severity of the exposed data (e.g., home addresses labeled as 'non-sensitive'). The company **revoked access immediately**, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is **reinforcing employee training** and **strengthening authentication protocols**. The incident coincides with **stock volatility** (down **21% this month**) and a separate **$18M legal settlement** with Chicago over deceptive business practices, adding to operational and reputational pressures.

DoorDash Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: incident predictions locked (requires the Monitoring Plan)

A.I. Risk Score Likelihood 3 - 6 - 9 months: A.I. risk score predictions locked (requires the Monitoring Plan)

Underwriter Stats for DoorDash

Incidents vs Software Development Industry Average (This Year)

DoorDash has 809.09% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

DoorDash has 525.0% more incidents than the average of all companies with at least one recorded incident.

Incident Types DoorDash vs Software Development Industry Avg (This Year)

DoorDash reported 4 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 4 data breaches, compared to industry peers with at least 1 incident.

Incident History — DoorDash (X = Date, Y = Severity)

[Chart: DoorDash cyber incident detection timeline, including parent company and subsidiaries]


DoorDash Similar Companies

Infor

As a global leader in business cloud software specialized by industry. Infor develops complete solutions for its focus industries, including industrial manufacturing, distribution, healthcare, food & beverage, automotive, aerospace & defense, hospitality, and high tech. Infor’s mission-critical ente

Cisco

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities

Airbnb

Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays, experiences and services that make it p

Thomson Reuters

Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Our customers operat

Daraz

Daraz is the leading e-commerce marketplace across South Asia (excluding India). Our business covers four key areas – e-commerce, logistics, payment infrastructure and financial services – providing our sellers and customers with an end-to-end commerce solution. With access to over 500 million custo

VMware by Broadcom

VMware by Broadcom delivers software that unifies and streamlines hybrid cloud environments for the world’s most complex organizations. By combining public-cloud scale and agility with private-cloud security and performance, we empower our customers to modernize, optimize and protect their apps an

ServiceNow

ServiceNow (NYSE: NOW) makes the world work better for everyone. Our cloud-based platform and solutions help digitize and unify organizations so that they can find smarter, faster, better ways to make work flow. So employees and customers can be more connected, more innovative, and more agile. And w

Amdocs

We help those who build the future to make it amazing. In an era where new technologies are born every minute, and the demand for meaningful digital experiences has never been so intense, we unlock our customers’ innovative potential, empowering them to transform their boldest ideas into reality, an

Workday

Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and


DoorDash CyberSecurity News

November 19, 2025 04:49 PM
DoorDash reports cybersecurity incident; Assures no sensitive data compromised

NATIONWIDE – DoorDash announced today, November 13, 2025, that it recently identified and contained a cybersecurity incident in which an...

November 19, 2025 02:40 PM
DoorDash users' phone numbers, email addresses leaked in data breach, company says

DoorDash confirmed that a cybersecurity incident allowed a third party to gain access to users' personal information.

November 19, 2025 01:48 PM
Data Breach Exposes Personal Info Of DoorDash Customers, Drivers: What To Know

Users and delivery workers for DoorDash had some of their personal information stolen in a large data breach. DoorDash confirmed the...

November 19, 2025 07:18 AM
DoorDash Cybersecurity Incident Exposes User Data

American Food delivery platform DoorDash has disclosed a DoorDash cybersecurity incident after an unauthorized third party accessed certain...

November 18, 2025 09:26 PM
DoorDash notifies users of data breach

WASHINGTON — DoorDash is alerting customers that a recent cybersecurity incident allowed an outside party to access some users' basic...

November 18, 2025 08:04 PM
Tech Tracker: DoorDash confirms data security incident

You can find original article here Nrn. Subscribe to our free daily Nrn newsletters. A major cybersecurity incident has hit the restaurant...

November 18, 2025 06:59 PM
DoorDash employee targeted in social engineering scam leading to data access

PLANO, TX (WVVA) - DoorDash has announced a recent cybersecurity incident where an unauthorized third party gained access to and took...

November 18, 2025 05:33 PM
DoorDash confirms data breach affecting customers, drivers and businesses

DoorDash says it was the victim of a cybersecurity incident that exposed information belonging to customers, drivers and merchants.

November 18, 2025 05:03 PM
DoorDash Confirms Data Breach - Hackers Accessed Users Personal Data

DoorDash disclosed a cybersecurity incident where unauthorized actors gained access to user contact information.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

DoorDash CyberSecurity History Information

Official Website of DoorDash

The official website of DoorDash is https://careersatdoordash.com/.

DoorDash’s AI-Generated Cybersecurity Score

According to Rankiteo, DoorDash’s AI-generated cybersecurity score is 583, reflecting their Very Poor security posture.

How many security badges does DoorDash have ?

According to Rankiteo, DoorDash currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does DoorDash have SOC 2 Type 1 certification ?

According to Rankiteo, DoorDash is not certified under SOC 2 Type 1.

Does DoorDash have SOC 2 Type 2 certification ?

According to Rankiteo, DoorDash does not hold a SOC 2 Type 2 certification.

Does DoorDash comply with GDPR ?

According to Rankiteo, DoorDash is not listed as GDPR compliant.

Does DoorDash have PCI DSS certification ?

According to Rankiteo, DoorDash does not currently maintain PCI DSS compliance.

Does DoorDash comply with HIPAA ?

According to Rankiteo, DoorDash is not compliant with HIPAA regulations.

Does DoorDash have ISO 27001 certification ?

According to Rankiteo, DoorDash is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of DoorDash

DoorDash operates primarily in the Software Development industry.

Number of Employees at DoorDash

DoorDash employs approximately 74,124 people worldwide.

Subsidiaries Owned by DoorDash

DoorDash presently has no subsidiaries across any sectors.

DoorDash’s LinkedIn Followers

DoorDash’s official LinkedIn profile has approximately 1,424,762 followers.

NAICS Classification of DoorDash

DoorDash is classified under the NAICS code 5112, which corresponds to Software Publishers.

DoorDash’s Presence on Crunchbase

No, DoorDash does not have a profile on Crunchbase.

DoorDash’s Presence on LinkedIn

Yes, DoorDash maintains an official LinkedIn profile, which is actively used for branding and talent engagement; it can be accessed here: https://www.linkedin.com/company/doordash.

Cybersecurity Incidents Involving DoorDash

As of November 27, 2025, Rankiteo reports that DoorDash has experienced 13 cybersecurity incidents.

Number of Peer and Competitor Companies

DoorDash has an estimated 26,597 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at DoorDash ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

How does DoorDash detect and respond to cybersecurity incidents ?

Detection and Response: The company has detected and responded to cybersecurity incidents through the following recorded measures (listed in sequence across incidents):

Containment Measures: Disabled the vendor's access to their system and contained the incident.

Communication Strategy: Notified all affected individuals through the mail.

Incident Response Plan Activated: Yes (after 15+ months of inaction).

Third Party Assistance: HackerOne (bug bounty platform).

Containment Measures: Patch applied to input validation in DoorDash for Business backend; HTML sanitization in email templates.

Remediation Measures: Closed vulnerable budget name input field; enhanced email template rendering security.

Communication Strategy: Public statement to BleepingComputer; no direct customer notification mentioned.

Containment Measures: Blocked unauthorized access.

Recovery Measures: Notifying affected users via in-app/email.

Communication Strategy: Public blog post; direct notifications to affected users; media statements.

Incident Response Plan Activated: Yes (access revoked, users notified).

Law Enforcement Notified: Yes (investigation ongoing).

Containment Measures: Immediate access revocation.

Remediation Measures: Reinforced employee training; strengthened authentication protocols.

Communication Strategy: Public notice to users (November 13, 2023).

Communication Strategy: Public disclosure via media (KELO.com).

Containment Measures: Shut down unauthorized access.

Remediation Measures: Investigation launched; enhanced employee training.

Recovery Measures: Dedicated helpline for affected users (1-833-918-8030).

Communication Strategy: Public disclosure; helpline with reference code (B155060).

Incident Response Plan Activated: Yes (swift action upon discovery).

Third Party Assistance: Partnerships with security firms for investigation and defense fortification.

Containment Measures: Employee verification process enhancements; system access reviews.

Remediation Measures: User notifications (email); free credit monitoring via Experian (1 year).

Communication Strategy: Public statements downplaying severity; emails to affected users with mitigation advice (password updates, account monitoring).

Enhanced Monitoring: Implemented for employee access and unusual activity.

Incident Response Plan Activated: Yes (delayed customer notification by 19 days).

Remediation Measures: Customer notification emails; advisory for credit freezes/monitoring; password reset and 2FA recommendations.

Communication Strategy: Email notifications; toll-free helpline (1-800-833-8030, ref: B155060); public advisory on phishing risks.

Containment Measures: Detection of intrusion on 2025-10-25; access containment (timing unspecified).

Communication Strategy: Public disclosure in November 2025; advisory on compromised data types.

Enhanced Monitoring: AI-driven threat detection (e.g., Seceon aiXDR recommended).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: DoorDash Data Breach

Description: DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.

Type: Data Breach

Attack Vector: Stolen Credentials

Vulnerability Exploited: Third-party Vendor Access

Incident : Data Breach

Title: DoorDash Data Breach

Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, and the last four digits of credit cards or bank accounts belonging to consumers, Dashers, and merchants. The company notified all the affected individuals through the mail.

Type: Data Breach

Attack Vector: Unauthorized Access

Threat Actor: Unauthorized User

Incident : Data Breach

Title: DoorDash Data Breach

Description: Unauthorized access to user data including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.

Date Detected: 2019-09-27

Date Publicly Disclosed: 2019-09-27

Type: Data Breach

Attack Vector: Unauthorized Access

Incident : Data Breach

Title: DoorDash Data Breach

Description: The Washington State Office of the Attorney General reported a data breach involving DoorDash Inc. on September 26, 2019. The breach, which was discovered on September 5, 2019, resulted from unauthorized access on May 4, 2019, affecting 2,243 Washington residents and compromising user data such as names, email addresses, phone numbers, and driver's license numbers.

Date Detected: 2019-09-05

Date Publicly Disclosed: 2019-09-26

Type: Data Breach

Attack Vector: Unauthorized Access

Incident : Data Breach

Title: DoorDash Data Breach Affecting 4.9 Million Users

Description: Restaurant and food delivery service DoorDash confirmed a data breach affecting 4.9 million customers, drivers, and merchants. An attacker used credentials obtained through a third-party service provider to gain unauthorized access to user data, including names, email addresses, delivery addresses (with phone numbers), order history hashes, and partial payment card details (last four digits). While no financial fraud or identity theft was confirmed, the exposed contact details increase the risk of targeted phishing, smishing, and vishing attacks. DoorDash blocked unauthorized access, notified law enforcement, and began alerting affected accounts.

Type: Data Breach

Attack Vector: Third-Party Vendor Compromise; Credential Theft; Social Engineering

Vulnerability Exploited: Human error (social engineering of third-party employee)

Motivation: Data Theft; Potential Fraud Enablement

Incident : Data Breach

Title: DoorDash Data Breach via Social Engineering Attack (October 2023)

Description: DoorDash disclosed a cybersecurity incident where an unauthorized person accessed personal information of certain users (including Dashers and merchants) through a social engineering attack targeting an employee. The breach occurred on October 25, 2023, and was publicly disclosed on November 13, 2023. Affected data included names, email addresses, phone numbers, and physical addresses, but no sensitive information like payment details, government IDs, or Social Security numbers was exposed. DoorDash revoked the unauthorized access, notified affected users, and is cooperating with law enforcement. The company is reinforcing employee training and authentication protocols to prevent future incidents.

Date Detected: 2023-10-25

Date Publicly Disclosed: 2023-11-13

Type: Data Breach

Attack Vector: Social Engineering (Employee Targeted)

Vulnerability Exploited: Human Error / Lack of Authentication Protocols

Threat Actor: Unauthorized Individual (Unknown)

Incident : Data Breach (Social Engineering)

Title: DoorDash Employee Falls Victim to Social Engineering Scam, Exposing Customer Data

Description: A DoorDash employee fell victim to a social engineering scam, resulting in unauthorized access to some customer data. Officials confirmed that no ID numbers or payment information was released in the breach.

Type: Data Breach (Social Engineering)

Attack Vector: Social Engineering

Vulnerability Exploited: Human Error (Employee Susceptibility to Social Engineering)

Incident : Data Breach

Title: DoorDash Cybersecurity Incident Affecting New Yorkers

Description: DoorDash confirmed a cybersecurity incident where scammers accessed personal information of New Yorkers after an employee fell victim to a social engineering scam in October. The breach exposed names, phone numbers, email addresses, and physical addresses, but no sensitive data like Social Security numbers or payment information was compromised. DoorDash responded by shutting down unauthorized access, launching an investigation, and notifying law enforcement. They also set up a dedicated helpline (1-833-918-8030, reference code B155060) for affected users and committed to enhanced employee training to prevent future incidents.

Date Detected: 2023-10

Type: Data Breach

Attack Vector: Social Engineering (Phishing/Scam)

Vulnerability Exploited: Human Error (Employee Fell for Scam)

Threat Actor: Unknown (Scammers/Hackers)

Motivation: Unauthorized Data Access (Likely Financial or Data Theft)

Incident : Data Breach

Title: DoorDash Data Breach via Social Engineering Attack (October 2025)

Description: A sophisticated social engineering attack compromised personal information of DoorDash customers, Dashers (delivery workers), and merchants in October 2025. An unauthorized third party tricked a DoorDash employee into granting access to internal systems, exposing names, email addresses, phone numbers, and physical addresses. While DoorDash downplayed the severity (claiming no credit card details, SSNs, or passwords were accessed), experts warn that exposed data can be weaponized for phishing, identity theft, or targeted scams. The breach highlights persistent vulnerabilities in employee training and third-party risk management within the gig economy.

Date Detected: Early October 2025

Date Publicly Disclosed: Mid-November 2025

Type: Data Breach

Attack Vector: Phishing/Social Engineering (employee manipulation to gain internal system access)

Vulnerability Exploited: Human error (employee susceptibility to scams), lack of robust multi-factor authentication (MFA) enforcement

Threat Actor: Unidentified unauthorized third party

Motivation: Data Theft; Potential Financial Gain (via phishing/identity theft); Targeted Scams

Incident : Data Breach

Title: DoorDash Data Breach via Social Engineering (October 2025)

Description: DoorDash, the food delivery app, suffered a major data breach in October 2025 due to social engineering, where a scammer convinced an employee to grant access to company data. The breach exposed personal information (names, addresses, phone numbers, email addresses) of millions of customers, putting them at risk of spear phishing and identity theft. This marks DoorDash's third major data breach since 2019. Notification to affected customers was delayed by 19 days.

Date Detected: 2025-10-01

Date Publicly Disclosed: 2025-10-20

Type: Data Breach

Attack Vector: Social Engineering

Vulnerability Exploited: Human Error (Employee Manipulation)

Threat Actor: Unidentified Scammer (Psychologically Skilled)

Motivation: Data Theft for Phishing/Scams

Incident : Data Breach

Title: DoorDash Social Engineering Data Breach (2025)

Description: In November 2025, DoorDash disclosed a data breach where an employee fell victim to a social engineering attack, leading to the compromise of customer, Dasher, and merchant personal information. The attackers gained unauthorized access using legitimate credentials obtained via manipulation, bypassing security awareness training. The breach exposed names, physical addresses, email addresses, and phone numbers but did not include sensitive data like Social Security numbers, driver’s license information, or payment card details. The incident underscores the vulnerability of human elements in cybersecurity and the need for AI-driven threat detection to mitigate dwell time and post-compromise risks.

Date Detected: 2025-10-25

Date Publicly Disclosed: 2025-11

Type: Data Breach

Attack Vector: Social Engineering; Phishing (Spear Phishing/Vishing); Compromised Credentials

Vulnerability Exploited: Human Trust and Error (Bypassed Security Awareness Training)

Motivation: Data Theft for Follow-on Attacks (e.g., Spear Phishing, Vishing); Potential Financial Gain via Stolen Data

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party Vendor, DoorDash for Business Platform (Budget Name Input Field), Third-party service provider credentials (obtained via social engineering), Employee (Social Engineering), Social Engineering (Employee Targeted), Employee (Social Engineering Scam), Phishing email targeting a DoorDash employee, Employee manipulation (social engineering) and Social Engineering (Employee Credential Compromise).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach DOO0162922

Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information

Incident : Data Breach DOO15123922

Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts

Incident : Data Breach DOO622072825

Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers

Incident : Data Breach DOO231072825

Data Compromised: Names, Email addresses, Phone numbers, Driver's license numbers

Incident : Data Breach DOO5993759111725

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses, Order history hashes, Last four digits of payment cards (dashers only)

Operational Impact: Increased risk of phishing/smishing/vishing attacks; reputational harm; customer notification efforts

Customer Complaints: Expected increase due to phishing risks

Brand Reputation Impact: Moderate (trust erosion, media coverage)

Identity Theft Risk: Low (no SSNs, full payment cards, or government IDs exposed)

Payment Information Risk: Low (only last four digits of payment cards for Dashers)

Incident : Data Breach DOO5632556111825

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses

Operational Impact: Minimal (Access Revoked Immediately)

Customer Complaints: Backlash on Reddit for Downplaying Severity of Exposed Data (e.g., Names and Home Addresses as 'Non-Sensitive')

Brand Reputation Impact: Negative (Criticism for Data Handling, Stock Volatility)

Identity Theft Risk: No Indication of Misuse (as of Disclosure)

Payment Information Risk: None (Payment Information Not Exposed)

Incident : Data Breach (Social Engineering) DOO4293042111925

Data Compromised: Customer personal information (non-sensitive)

Brand Reputation Impact: Potential Negative Impact (Public Disclosure of Breach)

Identity Theft Risk: Low (No ID Numbers or Payment Information Compromised)

Payment Information Risk: None (Officials Confirmed No Payment Information Exposed)

Incident : Data Breach DOO5593355112025

Data Compromised: Full names, Phone numbers, Email addresses, Physical addresses

Brand Reputation Impact: Potential Negative Impact (Public Disclosure of Breach)

Identity Theft Risk: Low (No Sensitive PII like SSNs or Payment Data Exposed)

Payment Information Risk: None (No Payment Data Accessed)

Incident : Data Breach DOO5203452112125

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses

Systems Affected: Internal systems (unspecified)

Operational Impact: Notification process to affected users (mid-to-late November 2025), partnership with security firms for investigation

Revenue Loss: Minor stock dip reported

Brand Reputation Impact: Negative; erosion of trust in gig economy platforms, potential regulatory scrutiny

Legal Liabilities: Possible fines or mandated audits under regulations like CCPA; historical context of lawsuits from 2019 breach

Identity Theft Risk: High (exposed PII can be used for phishing, spear-phishing, or cross-referencing with other databases)

Payment Information Risk: Low (DoorDash confirmed no credit card details or passwords were accessed)

Incident : Data Breach DOO3603136112725

Data Compromised: Names, Addresses, Phone numbers, Email addresses

Customer Complaints: Expected (due to delayed notification and phishing risks)

Brand Reputation Impact: High (third breach since 2019, delayed disclosure)

Identity Theft Risk: High (spear phishing, scams using stolen PII)

Payment Information Risk: Low (no credit card/Social Security numbers exposed)

Incident : Data Breach DOO4104241112725

Data Compromised: Names, Physical addresses, Email addresses, Phone numbers

Operational Impact: Potential Increased Risk of Follow-on Attacks (Spear Phishing/Vishing)

Brand Reputation Impact: High (High-Visibility Breach Undermining Trust in Security Posture)

Identity Theft Risk: Moderate (Exposed PII Could Enable Targeted Scams)

Payment Information Risk: None (Confirmed Not Accessed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are: Names, Email Addresses, Delivery Addresses, Phone Numbers, Basic Order Information, Partial Credit Card Information; Email Addresses, Delivery Addresses, Order History, Phone Numbers, Hashed And Salted Passwords, Last Four Digits Of Credit Cards, Last Four Digits Of Bank Accounts; Names, Email Addresses, Phone Numbers, Hashed Passwords, Driver's License Numbers; Names, Email Addresses, Phone Numbers, Driver's License Numbers; None; Personal Identifiable Information (PII), Contact Information, Partial Payment Data; Personal Information (PII); Personal Information (Non-Sensitive); Personal Contact Details (Names, Phone Numbers, Emails, Physical Addresses); Personally Identifiable Information (PII); Personally Identifiable Information (PII); Personal Identifiable Information (PII).

Which entities were affected by each incident ?

Incident : Data Breach DOO0162922

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery

Incident : Data Breach DOO15123922

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery

Customers Affected: 4900000

Incident : Data Breach DOO622072825

Entity Name: DoorDash, Inc.

Entity Type: Company

Industry: Food Delivery

Location: California

Customers Affected: 41740

Incident : Data Breach DOO231072825

Entity Name: DoorDash Inc.

Entity Type: Company

Industry: Food Delivery

Location: Washington

Customers Affected: 2243

Incident : Data Breach DOO5993759111725

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / Logistics

Location: United States (Global Operations)

Customers Affected: 4.9 million (customers, drivers, merchants)

Incident : Data Breach DOO5632556111825

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / E-Commerce

Location: United States (HQ: San Francisco, CA)

Size: Large (Publicly Traded, NYSE: DASH)

Customers Affected: Certain Users (Dashers and Merchants)

Incident : Data Breach (Social Engineering) DOO4293042111925

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery / Technology

Location: United States (Headquarters in San Francisco, CA)

Incident : Data Breach DOO5593355112025

Entity Name: DoorDash

Entity Type: Private Company

Industry: Food Delivery/Technology

Location: New York, USA (Affected Users: New Yorkers)

Customers Affected: New York-based Users (Exact Number Unspecified)

Incident : Data Breach DOO5203452112125

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Gig Economy / Technology

Location: United States (primary market)

Size: Over 30 million users (customers, Dashers, merchants)

Customers Affected: Unspecified number (potentially large, given user base)

Incident : Data Breach DOO5203452112125

Entity Name: DoorDash Customers

Entity Type: Individuals

Location: Primarily United States

Customers Affected: Personal data exposed

Incident : Data Breach DOO5203452112125

Entity Name: Dashers (Delivery Workers)

Entity Type: Gig Workers

Industry: Food Delivery

Location: United States

Customers Affected: Personal data exposed (including physical addresses, raising safety concerns)

Incident : Data Breach DOO5203452112125

Entity Name: Merchants

Entity Type: Businesses

Industry: Food Service

Location: United States

Customers Affected: Personal/contact data exposed

Incident : Data Breach DOO3603136112725

Entity Name: DoorDash

Entity Type: Private Company

Industry: Food Delivery/Tech

Location: Canada (and global customers)

Size: Large (millions of customers)

Customers Affected: Millions

Incident : Data Breach DOO4104241112725

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / Food Delivery

Location: Global (Primarily USA)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach DOO0162922

Containment Measures: Disabled the vendor's access to their system and contained the incident.

Incident : Data Breach DOO15123922

Communication Strategy: Notified all affected individuals through the mail

Incident : Data Breach DOO5993759111725

Incident Response Plan Activated: True

Containment Measures: Blocked unauthorized access

Recovery Measures: Notifying affected users via in-app/email

Communication Strategy: Public blog post; Direct notifications to affected users; Media statements

Incident : Data Breach DOO5632556111825

Incident Response Plan Activated: Yes (Access Revoked, Users Notified)

Law Enforcement Notified: Yes (Investigation Ongoing)

Containment Measures: Immediate Access Revocation

Remediation Measures: Reinforced Employee Training; Strengthened Authentication Protocols

Communication Strategy: Public Notice to Users (November 13, 2023)

Incident : Data Breach (Social Engineering) DOO4293042111925

Communication Strategy: Public Disclosure via Media (KELO.com)

Incident : Data Breach DOO5593355112025

Incident Response Plan Activated: True

Containment Measures: Shut Down Unauthorized Access

Remediation Measures: Investigation Launched; Enhanced Employee Training

Recovery Measures: Dedicated Helpline for Affected Users (1-833-918-8030)

Communication Strategy: Public Disclosure; Helpline with Reference Code (B155060)

Incident : Data Breach DOO5203452112125

Incident Response Plan Activated: Yes (swift action upon discovery)

Third Party Assistance: Partnerships with security firms for investigation and defense fortification

Containment Measures: Employee verification process enhancements; System access reviews

Remediation Measures: User notifications (email); Free credit monitoring via Experian (1 year)

Communication Strategy: Public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring)

Enhanced Monitoring: Implemented for employee access and unusual activity

Incident : Data Breach DOO3603136112725

Incident Response Plan Activated: Yes (delayed customer notification by 19 days)

Remediation Measures: Customer notification emails; Advisory for credit freezes/monitoring; Password reset and 2FA recommendations

Communication Strategy: Email notifications; Toll-free helpline (1-800-833-8030, ref: B155060); Public advisory on phishing risks

Incident : Data Breach DOO4104241112725

Incident Response Plan Activated: True

Containment Measures: Detection of Intrusion on 2025-10-25; Access Containment (Timing Unspecified)

Communication Strategy: Public Disclosure in November 2025; Advisory on Compromised Data Types

Enhanced Monitoring: AI-Driven Threat Detection (e.g., Seceon aiXDR Recommended)

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as: Yes (After 15+ Months of Inaction); Yes (Access Revoked, Users Notified); Yes (swift action upon discovery); Yes (delayed customer notification by 19 days).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through HackerOne (Bug Bounty Platform) and partnerships with security firms for investigation and defense fortification.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach DOO0162922

Type of Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information

Personally Identifiable Information: Names; Email addresses; Delivery addresses; Phone numbers

Incident : Data Breach DOO15123922

Type of Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts

Number of Records Exposed: 4900000

Incident : Data Breach DOO622072825

Type of Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers

Number of Records Exposed: 41740

Sensitivity of Data: High

Incident : Data Breach DOO231072825

Type of Data Compromised: Names, Email addresses, Phone numbers, Driver's license numbers

Number of Records Exposed: 2243

Incident : Data Breach DOO5993759111725

Type of Data Compromised: Personal identifiable information (PII), Contact information, Partial payment data

Number of Records Exposed: 4.9 million

Sensitivity of Data: Moderate (no full financial or government ID data)

Personally Identifiable Information: Names; Email Addresses; Phone Numbers; Physical Addresses

Incident : Data Breach DOO5632556111825

Type of Data Compromised: Personal information (PII)

Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)

Data Exfiltration: Likely (Unauthorized Access Confirmed)

Personally Identifiable Information: Names; Email Addresses; Phone Numbers; Physical Addresses

Incident : Data Breach (Social Engineering) DOO4293042111925

Type of Data Compromised: Personal information (non-sensitive)

Sensitivity of Data: Low (No ID Numbers or Payment Information)

Data Exfiltration: Yes (Some Customer Data Accessed)

Personally Identifiable Information: Partial (Excluding ID Numbers and Payment Information)

Incident : Data Breach DOO5593355112025

Type of Data Compromised: Personal contact details (names, phone numbers, emails, physical addresses)

Sensitivity of Data: Moderate (No Highly Sensitive PII)

Personally Identifiable Information: Full Names; Phone Numbers; Email Addresses; Physical Addresses

Incident : Data Breach DOO5203452112125

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: Unspecified (potentially large, given 30M+ user base)

Sensitivity of Data: Moderate (no financial data or passwords, but PII can enable phishing/identity theft)

Data Exfiltration: Likely (data accessed by unauthorized party)

Personally Identifiable Information: Names; Email addresses; Phone numbers; Physical addresses

Incident : Data Breach DOO3603136112725

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: Millions

Sensitivity of Data: Moderate (no financial/PII like SSNs, but high phishing risk)

Data Exfiltration: Yes

Personally Identifiable Information: Names; Addresses; Phone Numbers; Email Addresses

Incident : Data Breach DOO4104241112725

Type of Data Compromised: Personal identifiable information (pii)

Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)

Personally Identifiable Information: Names, Physical Addresses, Email Addresses, Phone Numbers

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The measures recorded across the incidents are: closing the vulnerable budget-name input field; hardening email-template rendering; reinforced employee training; strengthened authentication protocols; launching an investigation; user notifications by email; free credit monitoring via Experian (one year); customer notification emails; an advisory on credit freezes and monitoring; and password-reset and 2FA recommendations. Only the first four act on the attack path; the rest are post-breach response or advice to users and do not by themselves prevent exfiltration.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The recorded responses are: disabling the vendor's access to the system and containing the incident; a patch to input validation in the DoorDash for Business backend together with HTML sanitization in email templates; blocking and immediately revoking unauthorized access; shutting down unauthorized access; employee verification process enhancements and system access reviews; and, for the most recent incident, detection of the intrusion on 2025-10-25 followed by access containment (timing unspecified).
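The input-validation patch and email-template sanitization recorded above describe a textbook HTML-injection fix: text from a customer-controlled field (a budget name) was rendered into an official email template without escaping, so the field could carry arbitrary markup into mail sent from the company's own domain. The Python below is an added illustration, not DoorDash's code; the template, the allow-list, the function names and the sample payload are assumptions, and both inputs are constructed. It puts the weak rendering beside the hardened one and adds the regression check a reviewer would want: any tag in the output that the static template itself does not emit means input was rendered as markup.

```python
import html
import re

# Constructed sample inputs (not taken from the page): a benign budget name and
# one carrying an HTML payload that an unescaped template would render as a link.
BENIGN_NAME = "Q4 Lunch Budget"
HOSTILE_NAME = '<a href="https://example.invalid/reset">Reset your password</a>'

# Hypothetical allow-list for a budget name: letters, digits, spaces and a few
# punctuation characters, at most 64 characters. Everything else is rejected.
_BUDGET_NAME_RE = re.compile(r"[A-Za-z0-9 &'\-.,()]{1,64}")

# Tags the static template emits; any other tag in the output came from input.
_TEMPLATE_TAGS = {"html", "body", "p", "b"}
_TAG_RE = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)")


def is_valid_budget_name(name: str) -> bool:
    """Boundary check: accept only names that match the allow-list."""
    return _BUDGET_NAME_RE.fullmatch(name) is not None


def render_budget_email_vulnerable(budget_name: str, recipient: str) -> str:
    """Weak pattern: user-controlled text spliced straight into the HTML body."""
    return (
        "<html><body>"
        f"<p>Hi {recipient},</p>"
        f"<p>You have been added to the budget <b>{budget_name}</b>.</p>"
        "</body></html>"
    )


def render_budget_email_hardened(budget_name: str, recipient: str) -> str:
    """Hardened: every interpolated value is HTML-escaped (quotes included),
    so input can only ever appear as text, never as markup."""
    name = html.escape(budget_name, quote=True)
    who = html.escape(recipient, quote=True)
    return (
        "<html><body>"
        f"<p>Hi {who},</p>"
        f"<p>You have been added to the budget <b>{name}</b>.</p>"
        "</body></html>"
    )


def foreign_tags(rendered: str) -> set:
    """Regression check: tag names present in the output that the template does
    not emit. A non-empty result means some input was rendered as markup."""
    return {m.group(1).lower() for m in _TAG_RE.finditer(rendered)} - _TEMPLATE_TAGS


def create_budget(name: str, recipient: str) -> str:
    """Entry point combining both layers: reject at the boundary, escape at output."""
    if not is_valid_budget_name(name):
        raise ValueError("budget name rejected by allow-list")
    return render_budget_email_hardened(name, recipient)


if __name__ == "__main__":
    rcpt = "alice@example.invalid"
    print("vulnerable, foreign tags:", foreign_tags(render_budget_email_vulnerable(HOSTILE_NAME, rcpt)))
    print("hardened,   foreign tags:", foreign_tags(render_budget_email_hardened(HOSTILE_NAME, rcpt)))
```

The two layers are deliberately independent: the allow-list stops hostile values from ever being stored, and output escaping protects every template that later renders the stored value, including templates written after the allow-list is relaxed. The `foreign_tags` check is the kind of assertion to keep in the test suite for each notification template so the fix cannot regress silently.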

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach DOO5593355112025

Data Exfiltration: True

Ransomware Involved: No incident on this page is recorded as involving ransomware or encryption of data; the exfiltration flag above is the only entry captured under this heading.

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: No ransomware recovery is recorded. The response measures listed under this heading are notifying affected users via in-app messages and email, and a dedicated helpline for affected users (1-833-918-8030).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach DOO5993759111725

Regulatory Notifications: Expected under state breach-notification laws (e.g., California's breach-notification statute, Cal. Civ. Code 1798.82; the CCPA separately gives affected California residents a private right of action for breaches of nonencrypted personal information caused by a failure to maintain reasonable security)

Incident : Data Breach DOO5203452112125

Regulations Violated: Potential violations of the California Consumer Privacy Act (CCPA)

Legal Actions: Possible (historical context of lawsuits from 2019 breach)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: No compliance program is recorded. The only entries captured under this heading are that a researcher was banned from the DoorDash bug bounty program and that legal action is possible given the lawsuits that followed the 2019 breach; neither is a compliance control.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach DOO5993759111725

Lessons Learned: Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials., Social engineering continues to be a dominant attack method, bypassing technical controls., Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure., Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.

Incident : Data Breach DOO5632556111825

Lessons Learned: Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).

Incident : Data Breach DOO5593355112025

Lessons Learned: Enhanced employee training is critical to prevent social engineering attacks. Rapid incident response (shutting down access, investigation, and law enforcement notification) helps mitigate damage. Proactive customer communication (e.g., helpline) builds trust post-breach.

Incident : Data Breach DOO5203452112125

Lessons Learned: Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential., Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories., Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches., Data minimization strategies can reduce breach impacts by limiting stored PII.

Incident : Data Breach DOO3603136112725

Lessons Learned: Social engineering remains a critical vulnerability; employee training is essential., Delayed breach notifications erode customer trust and increase risks (e.g., phishing)., Proactive credit monitoring/freezes should be recommended to affected users., Multi-factor authentication (2FA) is critical for mitigating post-breach account takeovers.

Incident : Data Breach DOO4104241112725

Lessons Learned: Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses., Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time., Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise., Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

What recommendations were made to prevent future incidents ?

Incident : Data Breach DOO5993759111725

Recommendations: Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors. Enforce least-privilege access to limit exposure from compromised credentials. Conduct regular security awareness training focused on social engineering tactics. Monitor for unusual activity in third-party vendor accounts with access to sensitive systems. Users should enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels. Organizations should prepare for secondary attacks (e.g., smishing, vishing) that leverage the exposed contact data.

Incident : Data Breach DOO5632556111825

Recommendations: Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems. Conduct regular phishing and social-engineering simulations for employees. Enhance transparency in breach disclosures to address public concerns about data sensitivity. Monitor the dark web for misuse of exposed data.

Incident : Data Breach DOO5593355112025

Recommendations: Implement multi-factor authentication (MFA) for employee accounts to reduce phishing risk. Conduct regular security awareness training focused on social engineering tactics. Monitor the dark web for exposed data and offer identity protection services to affected users if needed. Review and update incident response plans to ensure swift containment and communication.

Incident : Data Breach DOO5203452112125

Recommendations: Implement zero-trust security models to eliminate implicit trust in users and devices. Enforce multi-factor authentication (MFA) for all employee and third-party access. Conduct regular phishing and social-engineering simulations to test employee vigilance. Adopt AI-driven anomaly detection to flag unusual access patterns in real time. Strengthen third-party vendor security audits to mitigate supply-chain risk. Enhance data minimization to limit exposure of non-essential PII. Improve transparency in breach disclosures, including timely updates on affected user counts. Invest in privacy-by-design frameworks to embed security into the platform architecture.

Incident : Data Breach DOO3603136112725

Recommendations: Implement stricter access controls and social-engineering awareness programs. Accelerate breach disclosure timelines in line with recognized best practice (e.g., GDPR's 72-hour deadline for notifying the supervisory authority). Offer free credit monitoring to affected customers. Enforce mandatory 2FA for all user accounts. Commission third-party audits of security controls to prevent recurrence.

Incident : Data Breach DOO4104241112725

Recommendations: Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment. Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries). Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks and identities. Integrate Security Orchestration, Automation and Response (SOAR) to automate containment (e.g., isolating compromised accounts). Shift from perimeter-focused defenses to proactive, predictive postures that assume breach. Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.
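The recommendations for DOO5993759111725 (monitor third-party vendor accounts with access to sensitive systems for unusual activity) and for DOO4104241112725 (UEBA that baselines normal activity and flags unusual access times and data queries) both come down to the same detection logic, so one example serves both passages. The Python below is an added example, not code from DoorDash or from any vendor named on the page. The audit-log format, the vendor account names and the 2025-10-25 events are constructed, and the baseline model (a contiguous working-hours window, the set of action types seen, and a z-score on the number of records returned) is an assumption chosen for illustration. It learns a per-account baseline from a learning window, refuses to score accounts whose history is too thin, and returns the reasons each new event deviates.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    action: str
    rows: int            # customer records returned by the action


@dataclass(frozen=True)
class Baseline:
    hours: frozenset     # hours of the day inside the account's usual working window
    actions: frozenset   # action types seen during the learning window
    rows_mean: float
    rows_std: float
    enough: bool         # False when the learning window is too thin to trust


def parse_line(line: str) -> Event:
    """Parse one audit-log line in the assumed format: ISO-8601 UTC time,account,action,rows."""
    ts, account, action, rows = line.strip().split(",")
    return Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), account, action, int(rows))


def parse_lines(lines) -> list:
    return [parse_line(line) for line in lines]


def learn_baseline(events, min_events: int = 20) -> dict:
    """Per-account baseline: working-hours window, known actions, mean/std of rows.
    Deliberately simple; production UEBA would keep per-weekday profiles and use
    robust statistics so a single outlier cannot stretch the baseline."""
    by_account = defaultdict(list)
    for e in events:
        by_account[e.account].append(e)
    baselines = {}
    for account, evs in by_account.items():
        hours = [e.ts.hour for e in evs]
        rows = [e.rows for e in evs]
        baselines[account] = Baseline(
            hours=frozenset(range(min(hours), max(hours) + 1)),
            actions=frozenset(e.action for e in evs),
            rows_mean=mean(rows),
            rows_std=pstdev(rows),
            enough=len(evs) >= min_events,
        )
    return baselines


def score_event(e: Event, baselines: dict, z_threshold: float = 3.0) -> list:
    """Return the reasons an event deviates from its account's baseline ([] means normal)."""
    b = baselines.get(e.account)
    if b is None:
        return ["unknown_account"]          # never seen during the learning window
    if not b.enough:
        return ["insufficient_baseline"]    # do not score against a thin baseline
    reasons = []
    if e.ts.hour not in b.hours:
        reasons.append("off_hours")
    if e.action not in b.actions:
        reasons.append("new_action")
    std = b.rows_std or 1.0                 # constant history: any change is notable
    if (e.rows - b.rows_mean) / std > z_threshold:   # one-sided: only large pulls matter
        reasons.append("volume_spike")
    return reasons


def detect(lines, baselines: dict) -> list:
    """Score raw log lines; return (account, timestamp, reasons) for each anomalous one."""
    alerts = []
    for line in lines:
        e = parse_line(line)
        reasons = score_event(e, baselines)
        if reasons:
            alerts.append((e.account, e.ts.isoformat(), reasons))
    return alerts


def _constructed_learning_window() -> list:
    """Constructed history: a vendor support account that works 09:00-16:59 UTC
    and looks up a few dozen customer records per action."""
    lines = []
    for day in range(1, 11):
        for hour in (9, 11, 14, 16):
            rows = 40 + (day * hour) % 25
            lines.append(f"2025-10-{day:02d}T{hour:02d}:15:00Z,vendor-support-01,lookup_customer,{rows}")
    return lines


BASELINE_LINES = _constructed_learning_window()

# Constructed events to score: a benign lookup, a 03:12 bulk pull, an export of a
# kind the account has never performed, and an account with no history at all.
NEW_LINES = [
    "2025-10-25T10:05:00Z,vendor-support-01,lookup_customer,47",
    "2025-10-25T03:12:00Z,vendor-support-01,lookup_customer,25000",
    "2025-10-25T14:40:00Z,vendor-support-01,export_customers,18000",
    "2025-10-25T14:41:00Z,vendor-temp-99,lookup_customer,5",
]

if __name__ == "__main__":
    for alert in detect(NEW_LINES, learn_baseline(parse_lines(BASELINE_LINES))):
        print(alert)
```

The benign 10:05 lookup produces no alert; the 03:12 pull is flagged for both off-hours access and volume, the export for an unseen action and volume, and the second account because it has no history. In practice the "unknown_account" and "insufficient_baseline" outcomes are the ones most often dropped, and they are exactly where a freshly provisioned or rarely used vendor credential hides, so route them to review rather than discarding them.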

What are the key lessons learned from past incidents ?

Key Lessons Learned: From the bug-bounty disclosure of the budget-name input flaw, the page records: the importance of timely vulnerability triage and patch management; the need for clear communication channels between researchers and companies; the risk of misaligned expectations in bug bounty programs (scope versus compensation); ethical boundaries in vulnerability disclosure (extortion versus good-faith reporting); and the criticality of input validation in customer-facing systems, even for 'non-critical' fields such as budget names. Across the social-engineering incidents the recurring lessons are: social engineering bypasses technical controls, and third-party vendors holding credentials are a critical risk vector; contact data alone (names, addresses, phone numbers) enables targeted phishing, smishing and vishing even without financial data; phishing-resistant MFA, least privilege and data minimization limit the blast radius; awareness training alone is insufficient, so behavioural analytics (UEBA, XDR) are needed to detect misuse of legitimate credentials and shorten dwell time; and delayed or unclear breach notification erodes trust and increases follow-on risk, while rapid containment, law-enforcement referral, a helpline and credit monitoring mitigate it.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The page records the following as implemented: zero-trust security models to eliminate implicit trust in users and devices; multi-factor authentication (MFA) for all employee and third-party access; regular phishing and social-engineering simulations; stronger third-party vendor security audits; greater transparency in breach disclosures, including timely updates on affected user counts; AI-driven anomaly detection for unusual access patterns; data minimization to limit exposure of non-essential PII; and privacy-by-design frameworks to embed security into the platform architecture. These match the recommendations recorded for DOO5203452112125.

References

Where can I find more information about each incident ?

Incident : Data Breach DOO622072825

Source: California Office of the Attorney General

Date Accessed: 2019-09-27

Incident : Data Breach DOO231072825

Source: Washington State Office of the Attorney General

Incident : Data Breach DOO5993759111725

Source: DoorDash Official Blog

Incident : Data Breach DOO5993759111725

Source: Verizon Data Breach Investigations Report (DBIR)

URL: https://www.verizon.com/business/resources/reports/dbir/

Incident : Data Breach DOO5993759111725

Source: FBI Internet Crime Complaint Center (IC3)

URL: https://www.ic3.gov/

Incident : Data Breach DOO5993759111725

Source: IBM Cost of a Data Breach Report 2023

URL: https://www.ibm.com/reports/data-breach

Incident : Data Breach DOO5632556111825

Source: DoorDash Notice to Users

Date Accessed: 2023-11-13

Incident : Data Breach DOO5632556111825

Source: Reddit User Discussions

Date Accessed: 2023-11

Incident : Data Breach DOO5632556111825

Source: Shutterstock (Stock Performance Image)

URL: https://www.shutterstock.com

Date Accessed: 2023-11

Incident : Data Breach (Social Engineering) DOO4293042111925

Source: KELO.com

Incident : Data Breach DOO5593355112025

Source: Hudson Valley Post

Incident : Data Breach DOO5203452112125

Source: CT Insider

Incident : Data Breach DOO5203452112125

Source: TechCrunch

Incident : Data Breach DOO5203452112125

Source: USA Today

Incident : Data Breach DOO5203452112125

Source: BleepingComputer

Incident : Data Breach DOO3603136112725

Source: SOPA Images/LightRocket via Getty Images

URL: https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890

Date Accessed: 2025-10-17

Incident : Data Breach DOO3603136112725

Source: DoorDash Customer Advisory

Date Accessed: 2025-10-20

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the sources below.
Source: California Office of the Attorney General; Date Accessed: 2019-09-27
Source: Washington State Office of the Attorney General
Source: BleepingComputer; URL: https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/; Date Accessed: 2024-11-07
Source: Researcher's Public Vulnerability Report (doublezero7)
Source: HackerOne Report #2608277; Date Accessed: 2024-07-17 (Closed as Informative)
Source: DoorDash Official Blog
Source: Verizon Data Breach Investigations Report (DBIR); URL: https://www.verizon.com/business/resources/reports/dbir/
Source: FBI Internet Crime Complaint Center (IC3); URL: https://www.ic3.gov/
Source: IBM Cost of a Data Breach Report 2023; URL: https://www.ibm.com/reports/data-breach
Source: DoorDash Notice to Users; Date Accessed: 2023-11-13
Source: Reddit User Discussions; Date Accessed: 2023-11
Source: Shutterstock (Stock Performance Image); URL: https://www.shutterstock.com; Date Accessed: 2023-11
Source: KELO.com
Source: Hudson Valley Post
Source: CT Insider
Source: TechCrunch
Source: USA Today
Source: BleepingComputer
Source: SOPA Images/LightRocket via Getty Images; URL: https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890; Date Accessed: 2025-10-17
Source: DoorDash Customer Advisory; Date Accessed: 2025-10-20
Source: Seceon Inc Blog; URL: https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach DOO5993759111725

Investigation Status: Ongoing (collaboration with law enforcement)

Incident : Data Breach DOO5632556111825

Investigation Status: Ongoing (Law Enforcement Involved)

Incident : Data Breach (Social Engineering) DOO4293042111925

Investigation Status: Disclosed (Ongoing or Completed Status Unknown)

Incident : Data Breach DOO5593355112025

Investigation Status: Ongoing (Referred to Law Enforcement)

Incident : Data Breach DOO5203452112125

Investigation Status: Ongoing (in collaboration with external security firms)

Incident : Data Breach DOO3603136112725

Investigation Status: Ongoing (no public updates on root cause analysis)

Incident : Data Breach DOO4104241112725

Investigation Status: Contained (as of November 2025 disclosure)

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through:

- Mailed notifications to all affected individuals
- Public statement to BleepingComputer
- No direct customer notification mentioned
- Public blog post
- Direct notifications to affected users
- Media statements
- Public notice to users (November 13, 2023)
- Public disclosure via media (KELO.com)
- Public disclosure
- Helpline with reference code (B155060)
- Public statements downplaying severity
- Emails to affected users with mitigation advice (password updates, account monitoring)
- Email notifications
- Toll-free helpline (1-800-833-8030, Ref: B155060)
- Public advisory on phishing risks
- Public disclosure in November 2025
- Advisory on compromised data types

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident : Data Breach DOO5993759111725

Stakeholder Advisories: Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses. Official notifications will never request passwords or full payment details.

Customer Advisories: Be wary of texts/calls/emails about the breach asking for clicks or login details. Navigate directly to the DoorDash app/website instead of clicking links. Enable MFA (preferably app-based) and monitor account activity. Check saved payment methods and update reused passwords.

Incident : Data Breach DOO5632556111825

Customer Advisories: Public Notice Issued (November 13, 2023)

Incident : Data Breach (Social Engineering) DOO4293042111925

Customer Advisories: Public Notification via Media (No Direct Advisory Mentioned)

Incident : Data Breach DOO5593355112025

Customer Advisories: Dedicated helpline (1-833-918-8030) with reference code B155060 for inquiries.

Incident : Data Breach DOO5203452112125

Stakeholder Advisories: Users advised to update passwords, monitor accounts, and enable two-factor authentication.

Customer Advisories: Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.

Incident : Data Breach DOO3603136112725

Stakeholder Advisories: Customers advised to freeze credit (Equifax, TransUnion, Experian links provided). Warning against phishing calls/emails impersonating DoorDash. Recommendation to change passwords and enable 2FA.

Customer Advisories: Credit freeze instructions: Equifax (https://www.equifax.com/personal/credit-report-services/credit-freeze/), TransUnion (https://www.transunion.com/credit-freeze), Experian (https://www.experian.com/freeze/center.html). Free credit report: https://www.annualcreditreport.com. Helpline: 1-800-833-8030, reference code B155060.

Incident : Data Breach DOO4104241112725

Customer Advisories: Public Notification of Compromised PII (No Financial Data Exposed)

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident:

- Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses.
- Official notifications will never request passwords or full payment details.
- Be wary of texts/calls/emails about the breach asking for clicks or login details.
- Navigate directly to the DoorDash app/website instead of clicking links.
- Enable MFA (preferably app-based) and monitor account activity.
- Check saved payment methods and update reused passwords.
- Public notice issued (November 13, 2023).
- Public notification via media (no direct advisory mentioned).
- Dedicated helpline (1-833-918-8030) with reference code B155060 for inquiries.
- Users advised to update passwords, monitor accounts, and enable two-factor authentication.
- Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.
- Customers advised to freeze credit (Equifax, TransUnion, Experian links provided).
- Warning against phishing calls/emails impersonating DoorDash.
- Recommendation to change passwords and enable 2FA.
- Credit freeze instructions: Equifax (https://www.equifax.com/personal/credit-report-services/credit-freeze/), TransUnion (https://www.transunion.com/credit-freeze), Experian (https://www.experian.com/freeze/center.html).
- Free credit report: https://www.annualcreditreport.com.
- Helpline: 1-800-833-8030, reference code B155060.
- Public notification of compromised PII (no financial data exposed).

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Data Breach DOO0162922

Entry Point: Third-party Vendor

Incident : Data Breach DOO5993759111725

Entry Point: Third-party service provider credentials (obtained via social engineering)

Reconnaissance Period: Approximately two weeks before the breach

High Value Targets: Customer PII, Dasher partial payment data

Data Sold on Dark Web: Customer PII, Dasher partial payment data

Incident : Data Breach DOO5632556111825

Entry Point: Employee (Social Engineering)

High Value Targets: User data (Dashers and merchants)

Data Sold on Dark Web: User data (Dashers and merchants)

Incident : Data Breach (Social Engineering) DOO4293042111925

Entry Point: Social Engineering (Employee Targeted)

Incident : Data Breach DOO5593355112025

Entry Point: Employee (Social Engineering Scam)

High Value Targets: Customer database (contact details)

Data Sold on Dark Web: Customer database (contact details)

Incident : Data Breach DOO5203452112125

Entry Point: Phishing email targeting a DoorDash employee

High Value Targets: Internal systems containing customer/Dasher/merchant PII

Data Sold on Dark Web: Internal systems containing customer/Dasher/merchant PII

Incident : Data Breach DOO3603136112725

Entry Point: Employee manipulation (social engineering)

High Value Targets: Customer PII database

Data Sold on Dark Web: Customer PII database

Incident : Data Breach DOO4104241112725

Entry Point: Social Engineering (Employee Credential Compromise)

High Value Targets: Customer/Dasher/merchant contact databases

Data Sold on Dark Web: Customer/Dasher/merchant contact databases

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Data Breach DOO5993759111725

Root Causes:
- Social engineering attack on a third-party vendor employee leading to credential compromise.
- Insufficient safeguards against supply chain attacks (e.g., vendor access controls).
- Lack of detection for unauthorized access over a two-week period.

Corrective Actions:
- Review and strengthen third-party vendor security protocols.
- Enhance monitoring for unusual access patterns.
- Expand employee training on social engineering threats.
- Implement stricter authentication for high-risk systems.

Incident : Data Breach DOO5632556111825

Root Causes:
- Inadequate authentication safeguards for employee accounts.
- Successful social engineering exploit targeting an employee.

Corrective Actions:
- Reinforced employee training on social engineering risks.
- Strengthened authentication protocols (details unspecified).

Incident : Data Breach (Social Engineering) DOO4293042111925

Root Causes: Employee Susceptibility to Social Engineering

Incident : Data Breach DOO5593355112025

Root Causes:
- Employee susceptibility to social engineering.
- Inadequate safeguards against phishing/scams.

Corrective Actions:
- Enhanced employee training.
- Incident response activation.
- Law enforcement collaboration.

Incident : Data Breach DOO5203452112125

Root Causes:
- Inadequate employee training on social engineering tactics.
- Lack of enforced multi-factor authentication (MFA) for internal systems.
- Systemic third-party risk management gaps (historical context from 2022 vendor breach).
- Over-reliance on reactive measures rather than proactive security postures.

Corrective Actions:
- Enhanced employee verification processes.
- Partnerships with security firms to audit and fortify defenses.
- Potential adoption of zero-trust architectures and AI-driven monitoring (recommended).

Incident : Data Breach DOO3603136112725

Root Causes:
- Inadequate employee training on social engineering tactics.
- Lack of multi-factor authentication for internal systems.
- Delayed incident response and customer communication.

Incident : Data Breach DOO4104241112725

Root Causes:
- Successful social engineering attack exploiting human trust/error.
- Inadequate real-time detection of anomalous behavior post-credential compromise.
- Over-reliance on security awareness training without technical controls for credential misuse.

Corrective Actions:
- Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.
- Enhanced monitoring of privileged access and data query patterns.
- Automated response mechanisms (e.g., SOAR) to reduce dwell time.
- Review of identity and access management (IAM) policies for least-privilege enforcement.

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: HackerOne (bug bounty platform); partnerships with security firms for investigation and defense fortification; measures implemented for employee access and unusual activity; AI-driven threat detection (e.g., Seceon aiXDR, recommended).

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis:

- Patched input validation in the DoorDash for Business backend.
- Enhanced email template security (HTML sanitization).
- Review of bug bounty program policies and scope.
- Internal review of vulnerability disclosure processes.
- Review and strengthen third-party vendor security protocols.
- Enhance monitoring for unusual access patterns.
- Expand employee training on social engineering threats.
- Implement stricter authentication for high-risk systems.
- Reinforced employee training on social engineering risks.
- Strengthened authentication protocols (details unspecified).
- Enhanced employee training.
- Incident response activation.
- Law enforcement collaboration.
- Enhanced employee verification processes.
- Partnerships with security firms to audit and fortify defenses.
- Potential adoption of zero-trust architectures and AI-driven monitoring (recommended).
- Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.
- Enhanced monitoring of privileged access and data query patterns.
- Automated response mechanisms (e.g., SOAR) to reduce dwell time.
- Review of identity and access management (IAM) policies for least-privilege enforcement.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident is described variously as an unauthorized user, an unauthorized individual (unknown), unknown scammers/hackers, an unidentified unauthorized third party, and an unidentified scammer (psychologically skilled).

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2019-09-27.

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11.

What was the most recent incident resolved?

Most Recent Incident Resolved: The most recent incident resolved was on 2024-11-03.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised, listed per incident, was: names, email addresses, delivery addresses, phone numbers, basic order information, partial credit card information; email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, last four digits of credit cards, last four digits of bank accounts; names, email addresses, phone numbers, hashed passwords, driver's license numbers; names, email addresses, phone numbers, driver's license numbers; none; names, email addresses, phone numbers, physical addresses, order history hashes, last four digits of payment cards (Dashers only); names, email addresses, phone numbers, physical addresses; customer personal information (non-sensitive); full names, phone numbers, email addresses, physical addresses; names, email addresses, phone numbers, physical addresses; names, addresses, phone numbers, email addresses; names, physical addresses, email addresses, phone numbers.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were the DoorDash for Business platform, email servers ([email protected]) and internal systems (unspecified).

Response to the Incidents

What third-party assistance was involved in the most recent incident?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was HackerOne (bug bounty platform) and partnerships with security firms for investigation and defense fortification.

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were:

- Disabled the vendor's access to their system and contained the incident.
- Patch applied to input validation in the DoorDash for Business backend.
- HTML sanitization in email templates.
- Blocked unauthorized access.
- Immediate access revocation.
- Shut down unauthorized access.
- Employee verification process enhancements.
- System access reviews.
- Detection of intrusion on 2025-10-25.
- Access containment (timing unspecified).

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach included names, full names, email addresses, phone numbers, physical addresses, delivery addresses, addresses, basic order information, order history, order history hashes, hashed passwords, hashed and salted passwords, driver's license numbers, partial credit card information, last four digits of credit cards, last four digits of payment cards (Dashers only), last four digits of bank accounts, customer personal information (non-sensitive), and none.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.9M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was the researcher being banned from the DoorDash bug bounty program; further legal action is possible (historical context of lawsuits from the 2019 breach).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The recommendations implemented or proposed to improve cybersecurity were:

- Conduct regular phishing/social engineering simulations to test employee vigilance.
- Conduct regular phishing/social engineering simulations for employees.
- Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks.
- Establish escalation protocols for disputed vulnerability reports.
- Monitor the dark web for exploitation of similar vulnerabilities in competitor platforms.
- Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors.
- Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.
- Conduct third-party audits of security protocols to prevent recurrence.
- Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems.
- Invest in privacy-by-design frameworks to embed security into platform architecture.
- Monitor the dark web for exposed data and offer identity protection services to affected users if needed.
- Review and update incident response plans to ensure swift containment and communication.
- Enforce mandatory 2FA for all user accounts.
- Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios.
- Improve transparency in breach disclosures, including timely updates on affected user counts.
- Conduct regular security awareness training focused on social engineering tactics.
- Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.
- Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels.
- Expand bug bounty program scope to include email-related vulnerabilities.
- Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries).
- Strengthen third-party vendor security audits to mitigate supply chain risks.
- Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities.
- Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts).
- Adopt AI-driven anomaly detection to flag unusual access patterns in real time.
- Enhance data minimization practices to limit exposure of non-essential PII.
- Enhance transparency in breach disclosures to address public concerns about data sensitivity.
- Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR's 72-hour rule).
- Use unique passwords for different accounts.
- Provide transparent timelines for vulnerability remediation.
- Implement zero-trust security models to eliminate implicit trust in users/devices.
- Implement stricter access controls and social engineering awareness programs.
- Enforce multi-factor authentication (MFA) for all employee and third-party access.
- Conduct regular security audits of business logic abuse vectors.
- Offer free credit monitoring services to affected customers.
- Implement automated sanitization for all user-supplied input in email templates.
- Train customer support on phishing risks stemming from spoofed emails.
- Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment.
- Monitor for unusual activity in third-party vendor accounts with access to sensitive systems.
- Enable two-factor authentication.
- Enforce least-privilege access principles to limit exposure from compromised credentials.
- Monitor the dark web for potential misuse of exposed data.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent source of information about an incident are Shutterstock (Stock Performance Image), DoorDash Customer Advisory, IBM Cost of a Data Breach Report 2023, KELO.com, TechCrunch, Seceon Inc Blog, Washington State Office of the Attorney General, Researcher's Public Vulnerability Report (doublezero7), FBI Internet Crime Complaint Center (IC3), Hudson Valley Post, DoorDash Official Blog, CT Insider, USA Today, California Office of the Attorney General, SOPA Images/LightRocket via Getty Images, HackerOne Report #2608277, BleepingComputer, Reddit User Discussions, DoorDash Notice to Users and Verizon Data Breach Investigations Report (DBIR).

What is the most recent URL for additional resources on cybersecurity best practices?

Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are:

- https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/
- https://www.verizon.com/business/resources/reports/dbir/
- https://www.ic3.gov/
- https://www.ibm.com/reports/data-breach
- https://www.shutterstock.com
- https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890
- https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (Vulnerability Patched, Disclosure Dispute Ongoing).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses. Official notifications will never request passwords or full payment details. Users advised to update passwords, monitor accounts, and enable two-factor authentication. Customers advised to freeze credit (Equifax, TransUnion, Experian links provided). Warning against phishing calls/emails impersonating DoorDash. Recommendation to change passwords and enable 2FA.

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisories issued were:

- Be wary of texts/calls/emails about the breach asking for clicks or login details. Navigate directly to the DoorDash app/website instead of clicking links. Enable MFA (preferably app-based) and monitor account activity. Check saved payment methods and update reused passwords.
- Public notice issued (November 13, 2023).
- Public notification via media (no direct advisory mentioned).
- Dedicated helpline (1-833-918-8030) with reference code B155060 for inquiries.
- Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.
- Credit freeze instructions: Equifax (https://www.equifax.com/personal/credit-report-services/credit-freeze/), TransUnion (https://www.transunion.com/credit-freeze), Experian (https://www.experian.com/freeze/center.html); free credit report: https://www.annualcreditreport.com; helpline: 1-800-833-8030, reference code B155060.
- Public notification of compromised PII (no financial data exposed).

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry points used by an initial access broker were: employee (social engineering), employee (social engineering scam), phishing email targeting a DoorDash employee, employee manipulation (social engineering), third-party service provider credentials (obtained via social engineering), social engineering (employee credential compromise), third-party vendor, DoorDash for Business platform (budget name input field), and social engineering (employee targeted).

What was the most recent reconnaissance period for an incident?

Most Recent Reconnaissance Period: The most recent reconnaissance periods for an incident were 15+ months (from initial report to patch) and approximately two weeks before the breach.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis, listed per incident, were:

- Credential stuffing.
- Lack of input validation in the budget name field; insufficient output encoding in email templates; delayed triage of the vulnerability report (15+ months); breakdown in communication between the researcher and DoorDash; misalignment on bug bounty program scope and compensation.
- Social engineering attack on a third-party vendor employee leading to credential compromise; insufficient safeguards against supply chain attacks (e.g., vendor access controls); lack of detection for unauthorized access over a two-week period.
- Inadequate authentication safeguards for employee accounts; successful social engineering exploit targeting an employee.
- Employee susceptibility to social engineering.
- Employee susceptibility to social engineering; inadequate safeguards against phishing/scams.
- Inadequate employee training on social engineering tactics; lack of enforced multi-factor authentication (MFA) for internal systems; systemic third-party risk management gaps (historical context from 2022 vendor breach); over-reliance on reactive measures rather than proactive security postures.
- Inadequate employee training on social engineering tactics; lack of multi-factor authentication for internal systems; delayed incident response and customer communication.
- Successful social engineering attack exploiting human trust/error; inadequate real-time detection of anomalous behavior post-credential compromise; over-reliance on security awareness training without technical controls for credential misuse.

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis, listed per incident, were:

- Patched input validation in the DoorDash for Business backend; enhanced email template security (HTML sanitization); review of bug bounty program policies and scope; internal review of vulnerability disclosure processes.
- Review and strengthen third-party vendor security protocols; enhance monitoring for unusual access patterns; expand employee training on social engineering threats; implement stricter authentication for high-risk systems.
- Reinforced employee training on social engineering risks; strengthened authentication protocols (details unspecified).
- Enhanced employee training; incident response activation; law enforcement collaboration.
- Enhanced employee verification processes; partnerships with security firms to audit and fortify defenses; potential adoption of zero-trust architectures and AI-driven monitoring (recommended).
- Deployment of AI-driven XDR/UEBA solutions for behavioral analytics; enhanced monitoring of privileged access and data query patterns; automated response mechanisms (e.g., SOAR) to reduce dwell time; review of identity and access management (IAM) policies for least-privilege enforcement.


Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular's HTTP client. The vulnerability is a credential leak by application logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking whether a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with // (a protocol-relative URL), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information (CVSS 4.0)
Base: 7.7
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information (CVSS 4.0)
Base: 8.7
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information (CVSS 4.0)
Base: 6.3
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information (CVSS 3.1)
Base: 7.5
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information (CVSS 3.1)
Base: 7.5
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=doordash' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.