Company Details
LinkedIn handle: doordash-for-business
Employees: 79
LinkedIn followers: 3,070
NAICS code: 513
Website: doordash.com
Security badges: 0
ID: DOO_2106142
Status: In-progress


DoorDash for Business Company CyberSecurity Posture
doordash.com
DoorDash for Business, a product of DoorDash, specializes in end-to-end delivery for every corporate food need. Our fast and easy meal program provides unparalleled service and quality for all sizes of companies and all types of occasions. This page is not being monitored for Help & Support requests. For all requests, please visit: https://help.doordash.com/business/s/work-support?language=en_US
Between 650 and 699


| Entity | Type | Severity | Impact | Seen | Rankiteo Explanation | Description |
|---|---|---|---|---|---|---|
| DoorDash for Business | Breach | 85 | 4 | 11/2025 | Attack with significant impact with customer data leaks | DoorDash experienced a data breach affecting 4.9 million customers, drivers (Dashers), and merchants after an attacker used credentials obtained from a third-party vendor to gain unauthorized access. Exposed data included names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards for Dashers. No full financial details, SSNs, or government IDs were compromised, but the leaked contact information heightens the risk of targeted phishing, smishing (SMS scams), and vishing (voice fraud), with attackers potentially impersonating DoorDash support or merchants. The breach originated from social engineering that tricked an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users; no direct fraud or identity theft has been confirmed so far. The incident underscores the exposure created by supply chain attacks and the persistent threat of human manipulation in breaches. |
| DoorDash for Business | Breach | 85 | 4 | 10/2025 | Attack with significant impact with customer data leaks | In November 2025, DoorDash confirmed a data breach resulting from a social engineering attack targeting an employee. The attacker manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. DoorDash detected and contained the intrusion on October 25, but the attackers had already exfiltrated personal contact information of customers, Dashers, and merchants, including names, physical addresses, email addresses, and phone numbers. Although no highly sensitive data (e.g., Social Security numbers, driver's licenses, or payment card details) was compromised, the stolen information poses a significant risk of follow-on attacks such as spear phishing and vishing. The breach underscores the vulnerability of the human element in cybersecurity and, in the source's view, the need for AI-driven threat detection to shorten dwell time and limit data theft through compromised identities. |
| DoorDash for Business | Breach | 60 | 3 | 10/2025 | Attack with significant impact with internal employee data leaks | DoorDash disclosed a cybersecurity incident on November 13, confirming a data breach caused by a social engineering attack targeting an employee on October 25. The unauthorized access exposed personal information of certain users, including Dashers and merchants, such as names, email addresses, phone numbers, and physical addresses. DoorDash stated that no sensitive data (payment details, government IDs, or Social Security numbers) was compromised and that no evidence of misuse (fraud or identity theft) was found, but the breach drew public backlash for downplaying the severity of the exposed data (e.g., home addresses labelled as 'non-sensitive'). The company revoked the access immediately, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is reinforcing employee training and strengthening authentication protocols. The incident coincides with stock volatility (down 21% this month) and a separate $18M legal settlement with Chicago over deceptive business practices, adding to operational and reputational pressures. |
| DoorDash for Business | Breach | 85 | 4 | 05/2025 | Attack with significant impact with customer data leaks | A DoorDash employee was targeted in a social engineering scam, leading to unauthorized access to some customer data. While the breach exposed personal information, officials confirmed that no ID numbers (e.g., Social Security numbers) or payment details were compromised. The incident highlights gaps in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information; the absence of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. The breach still poses reputational harm and enables follow-on attacks such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risk of human error in cybersecurity defenses. |
| DoorDash for Business | Vulnerability | 50 | 2 | 07/2023 | Attack limited on finance or reputation | An unpatched flaw in the DoorDash for Business platform allowed anyone to send fully branded, official-looking emails from [email protected] by injecting arbitrary HTML into the 'Budget name' input field, which was rendered unescaped in the outgoing email template. This created a highly convincing phishing channel: because the messages were sent by DoorDash's own mail infrastructure, they bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in July 2023, remained unpatched for over 15 months amid disputes over disclosure ethics and financial demands. No data breach or internal system access occurred, but the vulnerability posed a significant reputational and financial risk by enabling large-scale phishing against customers, merchants, or arbitrary recipients. The company patched the issue in November 2024 after public pressure, and the researcher was banned from DoorDash's bug bounty program amid accusations of extortion. The incident highlights the tension between responsible disclosure and corporate response protocols. |
| DoorDash for Business | Breach | 80 | 4 | 08/2022 | Attack with significant impact with customer data leaks | Food delivery firm DoorDash suffered a data breach exposing customer and employee data in the wake of the cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials belonging to a third-party vendor that had access to DoorDash's systems. In response, DoorDash disabled the vendor's access and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. For a small subset of customers, the attackers also accessed basic order information and partial payment card information, including the card type and the last four digits of the card number. |
| DoorDash for Business | Breach | 85 | 4 | 09/2019 | Attack with significant impact with customer data leaks | DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, and the last four digits of consumers' payment cards and of Dashers' and merchants' bank accounts. The company notified all affected individuals directly. |
| DoorDash for Business | Breach | 85 | 4 | 06/2019 | Attack with significant impact with customer data leaks | In October 2025, DoorDash suffered a sophisticated social engineering attack in which an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised personal information including names, email addresses, phone numbers, and physical addresses of an unspecified number of customers, delivery workers (Dashers), and merchants. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks of phishing, identity theft, and targeted scams. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent weaknesses in employee training and third-party risk management. The company offered free credit monitoring but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy's cybersecurity, with potential reputational damage, regulatory scrutiny, and heightened risks for affected users (e.g., Dashers' physical safety). |
| DoorDash for Business | Breach | 85 | 4 | 05/2019 | Attack with significant impact with customer data leaks | The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers. |
| DoorDash for Business | Breach | 50 | 1 | 09/2018 | Attack without any consequences | Customer accounts at food delivery startup DoorDash were hijacked. Dozens of people tweeted that their accounts had been improperly accessed and that fraudulent food deliveries had been charged to them; the attackers also changed the email addresses on the accounts. DoorDash said there had been no data breach and that the likely culprit was credential stuffing, in which attackers take lists of stolen usernames and passwords and try them on other sites where users may have reused the same credentials. |


No incidents recorded for DoorDash for Business in 2026.
DB cyber incidents detection timeline including parent company and subsidiaries



Food and retail delivery company DoorDash has confirmed a data breach that compromised consumers' and business partners' information after...
Popular iPhone app and delivery service DoorDash has confirmed that hackers have stolen personal information, and is informing those...
A Doordash data breach has exposed the personal data of an unspecified number of customers, including name, phone number, email address,...
DoorDash has confirmed a new data breach exposing customer, delivery worker, and merchant information—including names, email addresses,...
DoorDash is alerting New Yorkers that scammers may have accessed your personal information. It started with one employee falling for a scam.
In the fast-paced world of food delivery, where convenience is king, DoorDash has long positioned itself as a leader, serving millions...
DoorDash confirms data breach after employee scam, exposing names, emails, and addresses. No financial data stolen but experts urge caution.
Food delivery giant DoorDash has confirmed a cybersecurity breach that exposed the personal information of an unspecified number of users,...
NATIONWIDE – DoorDash announced today, November 13, 2025, that it recently identified and contained a cybersecurity incident in which an...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of DoorDash for Business is https://business.doordash.com/.
According to Rankiteo, DoorDash for Business's AI-generated cybersecurity score is 699, reflecting a Weak security posture.
According to Rankiteo, DoorDash for Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, DoorDash for Business has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, DoorDash for Business is not certified under SOC 2 Type 1.
According to Rankiteo, DoorDash for Business does not hold a SOC 2 Type 2 certification.
According to Rankiteo, DoorDash for Business is not listed as GDPR compliant.
According to Rankiteo, DoorDash for Business does not currently maintain PCI DSS compliance.
According to Rankiteo, DoorDash for Business is not compliant with HIPAA regulations.
According to Rankiteo, DoorDash for Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
DoorDash for Business operates primarily in the Technology, Information and Internet industry.
DoorDash for Business employs approximately 79 people worldwide.
DoorDash for Business presently has no subsidiaries across any sectors.
DoorDash for Business’s official LinkedIn profile has approximately 3,070 followers.
DoorDash for Business is classified under the NAICS code 513, which corresponds to Others.
No, DoorDash for Business does not have a profile on Crunchbase.
Yes, DoorDash for Business maintains an official LinkedIn profile, actively used for branding and talent engagement, at https://www.linkedin.com/company/doordash-for-business.
As of January 21, 2026, Rankiteo reports that DoorDash for Business has experienced 10 cybersecurity incidents.
DoorDash for Business has an estimated 13,458 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.
Detection and Response: The detection and response measures recorded across the incidents above are:
Containment measures: disabled the vendor's access to their system and contained the incident; patch applied to input validation in the DoorDash for Business backend; HTML sanitization in email templates; blocked unauthorized access; immediate access revocation; employee verification process enhancements; system access reviews; detection of the intrusion on 2025-10-25; access containment (timing unspecified).
Remediation measures: closed the vulnerable Budget name input field; enhanced email template rendering security; reinforced employee training; strengthened authentication protocols; user notifications (email); free credit monitoring via Experian (1 year).
Recovery measures: notifying affected users via in-app message and email.
Incident response plan activated: yes (after 15+ months of inaction); yes (access revoked, users notified); yes (swift action upon discovery).
Law enforcement notified: yes (investigation ongoing).
Third-party assistance: HackerOne (bug bounty platform); partnerships with security firms for investigation and defense fortification.
Communication strategy: notified all affected individuals through the mail; public statement to BleepingComputer; no direct customer notification mentioned; public blog post; direct notifications to affected users; media statements; public notice to users (November 13, 2025); public disclosure via media (kelo.com); public statements downplaying severity; emails to affected users with mitigation advice (password updates, account monitoring); public disclosure in November 2025; advisory on compromised data types.
Enhanced monitoring: implemented for employee access and unusual activity; AI-driven threat detection (e.g., Seceon aiXDR recommended).
Title: DoorDash Data Breach
Description: DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.
Type: Data Breach
Attack Vector: Stolen Credentials
Vulnerability Exploited: Third-party Vendor Access
Title: DoorDash Data Breach
Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, and the last four digits of consumers' payment cards and of Dashers' and merchants' bank accounts. The company notified all affected individuals directly.
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized User
Title: DoorDash Account Hack
Description: Dozens of DoorDash customers reported unauthorized access to their accounts resulting in fraudulent food deliveries and email address changes. The likely cause is credential stuffing using stolen usernames and passwords from other sites.
Type: Account Compromise
Attack Vector: Credential Stuffing
Vulnerability Exploited: Reused Usernames and Passwords
Motivation: Fraud; Financial Gain
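The credential-stuffing pattern named in this card and in the 09/2018 entry of the incident table (one source trying many stolen username/password pairs, with a high failure rate and an occasional hit) is detectable in ordinary login telemetry. The following is an added example written for this page, not DoorDash's code: a per-source-IP sliding-window detector run over constructed login-log lines. The log format, field names, IP addresses, usernames and thresholds are all assumptions for illustration.

```python
"""Credential-stuffing detector over constructed login logs (added example, not
DoorDash's code).  Flags a source IP that, within a short window, tries many
distinct usernames with a high failure ratio, and lists the accounts that
logged in successfully during the burst as account-takeover candidates."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log.  198.51.100.4 is a normal user who mistypes once;
# 203.0.113.7 cycles through eight accounts in fourteen seconds and lands one.
SAMPLE_LOG = """\
2018-09-24T10:00:01Z ip=198.51.100.4 user=alice@example.com result=FAIL
2018-09-24T10:00:09Z ip=198.51.100.4 user=alice@example.com result=OK
2018-09-24T10:01:00Z ip=203.0.113.7 user=u1@example.com result=FAIL
2018-09-24T10:01:02Z ip=203.0.113.7 user=u2@example.com result=FAIL
2018-09-24T10:01:04Z ip=203.0.113.7 user=u3@example.com result=FAIL
2018-09-24T10:01:06Z ip=203.0.113.7 user=bob@example.com result=OK
2018-09-24T10:01:08Z ip=203.0.113.7 user=u5@example.com result=FAIL
2018-09-24T10:01:10Z ip=203.0.113.7 user=u6@example.com result=FAIL
2018-09-24T10:01:12Z ip=203.0.113.7 user=u7@example.com result=FAIL
2018-09-24T10:01:14Z ip=203.0.113.7 user=u8@example.com result=FAIL
"""


def parse_line(line):
    """Parse one '<ts> key=value ...' line (hypothetical format) into
    (timestamp, ip, user, result)."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            fields["ip"], fields["user"], fields["result"])


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_distinct_users=5, min_fail_ratio=0.8):
    """Return {ip: finding} for every source IP whose attempts in any
    `window`-long span cover >= min_distinct_users accounts with a failure
    ratio >= min_fail_ratio.  Thresholds are illustrative, not tuned values."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse_line(line)
            by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            failures = sum(1 for _, _, r in span if r == "FAIL")
            ratio = failures / len(span)
            if len(users) >= min_distinct_users and ratio >= min_fail_ratio:
                finding = {
                    "attempts": len(span),
                    "distinct_users": len(users),
                    "failures": failures,
                    "fail_ratio": round(ratio, 3),
                    # Accounts that succeeded inside a stuffing burst are the
                    # ones to force a password reset and session revocation on.
                    "takeover_candidates": sorted(
                        {u for _, u, r in span if r == "OK"}),
                }
                # Keep the widest qualifying window seen for this IP.
                if ip not in findings or finding["attempts"] > findings[ip]["attempts"]:
                    findings[ip] = finding
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, finding)
```

Thresholds belong in configuration: a shared corporate NAT or a mobile carrier gateway legitimately shows many distinct users per IP, so in production the distinct-user count is usually normalised by the IP's historical baseline, and the same logic is applied per ASN and per user-agent fingerprint, not only per IP. The "takeover_candidates" list is the actionable output: those are the accounts whose emails and delivery details the attacker could change, which is exactly what the 2018 victims reported.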
Title: DoorDash Data Breach
Description: Unauthorized access to user data including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.
Date Detected: 2019-09-27
Date Publicly Disclosed: 2019-09-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: DoorDash Email Spoofing Vulnerability Enabling Phishing Campaigns
Description: A vulnerability in DoorDash's systems allowed unauthorized users to send 'official' DoorDash-themed emails directly from the company's authorized servers ([email protected]). The flaw, discovered by a pseudonymous researcher (doublezero7), stemmed from an unvalidated input field in the DoorDash for Business platform, enabling HTML injection in email templates. This could be exploited to craft highly convincing phishing emails, targeting not only DoorDash customers and merchants but virtually any recipient. The vulnerability was patched after 15+ months of disclosure disputes between the researcher and DoorDash, with both parties accusing each other of unethical behavior. The flaw did not expose user data or grant access to internal systems but posed a significant phishing risk.
Date Publicly Disclosed: 2024-11-07
Date Resolved: 2024-11-03
Type: Email Spoofing
Attack Vector: Improper Input Validation; Stored Cross-Site Scripting (XSS) in Email Templates; Abuse of Business Logic (Budget Name Field)
Vulnerability Exploited: Stored HTML Injection via Budget Name Input Field; Lack of Output Encoding in Email Templates; Insufficient Email Client-Side Sanitization
Motivation: Potential Financial Gain (Extortion Attempt by Researcher); Phishing/Scam Campaigns (Hypothetical Threat Actors); Reputation Damage (Disclosure Dispute)
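The flaw in this card and in the 07/2023 row of the incident table is the classic template-injection shape: a user-controlled label is interpolated into a branded HTML email without output encoding, so whatever the attacker types is sent as markup by the company's own mail servers. The following is an added example written for this page, not DoorDash's code; DoorDash's real template and field names are unknown, so the template, the "Budget name" field handling, the regex and the phishing payload are hypothetical. It shows the vulnerable render beside the hardened one (output encoding at render time plus an allow-list at the write path), and a small markup scanner of the kind an outbound-mail gate or a regression test could use.

```python
"""Branded-email template injection: vulnerable vs hardened rendering (added
example, not DoorDash's code).  Template, field names and payload are
hypothetical stand-ins for the 'Budget name' flaw described on this page."""
import html
import re

# Hypothetical branded template.  The chrome is trusted; {budget_name} is not.
TEMPLATE = (
    "<html><body>"
    "<h1>DoorDash for Business</h1>"
    "<p>You have been added to the budget: {budget_name}</p>"
    "</body></html>"
)


def render_vulnerable(budget_name: str) -> str:
    """The flaw as described: the field is interpolated raw, so any HTML in
    it becomes part of an email sent from the company's own infrastructure."""
    return TEMPLATE.format(budget_name=budget_name)


def render_hardened(budget_name: str) -> str:
    """Output encoding: every HTML-significant character is escaped, so
    attacker-supplied markup is displayed as text instead of being rendered."""
    return TEMPLATE.format(budget_name=html.escape(budget_name, quote=True))


# Input validation at the write path (assumed policy): a budget name is a short
# free-text label, so anything carrying markup-significant characters is rejected
# before it is stored.  Encoding on output is still required; this is defence in depth.
_BUDGET_NAME_RE = re.compile(r"^[A-Za-z0-9 _.,&'()-]{1,64}$")


def validate_budget_name(budget_name: str) -> bool:
    return _BUDGET_NAME_RE.fullmatch(budget_name) is not None


def contains_markup(rendered: str, trusted_tags=("html", "body", "h1", "p")) -> bool:
    """Flag any tag in a rendered message that is not part of the trusted
    template chrome.  Usable as a regression test or an outbound-mail check."""
    for tag in re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", rendered):
        if tag.lower() not in trusted_tags:
            return True
    return False


# Constructed attacker payload: a lure that, in the vulnerable render, becomes a
# live link and a tracking pixel inside a message that passes the recipient's
# SPF/DKIM checks because the sending servers really are the company's.
PAYLOAD = (
    '<a href="https://example.invalid/reset">Your account is locked, verify now</a>'
    '<img src="https://example.invalid/track.gif">'
)

if __name__ == "__main__":
    print("vulnerable render carries injected markup:", contains_markup(render_vulnerable(PAYLOAD)))
    print("hardened render carries injected markup:  ", contains_markup(render_hardened(PAYLOAD)))
    print("payload accepted by input validation:     ", validate_budget_name(PAYLOAD))
```

The two controls address different failure modes: escaping on output is what actually closes the injection, while the allow-list stops the hostile value from ever being stored and later reaching some other template that forgets to escape. The scanner is deliberately crude; it exists to catch a regression in the renderer, not to replace encoding.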
Title: DoorDash Data Breach Affecting 4.9 Million Users
Description: Restaurant and food delivery service DoorDash confirmed a data breach affecting 4.9 million customers, drivers, and merchants. An attacker used credentials obtained through a third-party service provider to gain unauthorized access to user data, including names, email addresses, delivery addresses (with phone numbers), order history hashes, and partial payment card details (last four digits). While no financial fraud or identity theft was confirmed, the exposed contact details increase the risk of targeted phishing, smishing, and vishing attacks. DoorDash blocked unauthorized access, notified law enforcement, and began alerting affected accounts.
Type: Data Breach
Attack Vector: Third-Party Vendor Compromise; Credential Theft; Social Engineering
Vulnerability Exploited: Human error (social engineering of third-party employee)
Motivation: Data Theft, Potential Fraud Enablement
Title: DoorDash Data Breach via Social Engineering Attack (October 2023)
Description: DoorDash disclosed a cybersecurity incident where an unauthorized person accessed personal information of certain users (including Dashers and merchants) through a social engineering attack targeting an employee. The breach occurred on October 25, 2023, and was publicly disclosed on November 13, 2023. Affected data included names, email addresses, phone numbers, and physical addresses, but no sensitive information like payment details, government IDs, or Social Security numbers was exposed. DoorDash revoked the unauthorized access, notified affected users, and is cooperating with law enforcement. The company is reinforcing employee training and authentication protocols to prevent future incidents.
Date Detected: 2023-10-25
Date Publicly Disclosed: 2023-11-13
Type: Data Breach
Attack Vector: Social Engineering (Employee Targeted)
Vulnerability Exploited: Human Error / Lack of Authentication Protocols
Threat Actor: Unauthorized Individual (Unknown)
Title: DoorDash Data Breach via Social Engineering Attack (October 2025)
Description: A sophisticated social engineering attack compromised personal information of DoorDash customers, Dashers (delivery workers), and merchants in October 2025. An unauthorized third party tricked a DoorDash employee into granting access to internal systems, exposing names, email addresses, phone numbers, and physical addresses. While DoorDash downplayed the severity (claiming no credit card details, SSNs, or passwords were accessed), experts warn that exposed data can be weaponized for phishing, identity theft, or targeted scams. The breach highlights persistent vulnerabilities in employee training and third-party risk management within the gig economy.
Date Detected: Early October 2025
Date Publicly Disclosed: Mid-November 2025
Type: Data Breach
Attack Vector: Phishing/Social Engineering (employee manipulation to gain internal system access)
Vulnerability Exploited: Human error (employee susceptibility to scams), lack of robust multi-factor authentication (MFA) enforcement
Threat Actor: Unidentified unauthorized third party
Motivation: Data Theft, Potential Financial Gain (via phishing/identity theft), Targeted Scams
Title: DoorDash Social Engineering Data Breach (2025)
Description: In November 2025, DoorDash disclosed a data breach where an employee fell victim to a social engineering attack, leading to the compromise of customer, Dasher, and merchant personal information. The attackers gained unauthorized access using legitimate credentials obtained via manipulation, bypassing security awareness training. The breach exposed names, physical addresses, email addresses, and phone numbers but did not include sensitive data like Social Security numbers, driver’s license information, or payment card details. The incident underscores the vulnerability of human elements in cybersecurity and the need for AI-driven threat detection to mitigate dwell time and post-compromise risks.
Date Detected: 2025-10-25
Date Publicly Disclosed: 2025-11
Type: Data Breach
Attack Vector: Social Engineering, Phishing (Spear Phishing/Vishing), Compromised Credentials
Vulnerability Exploited: Human Trust and Error (Bypassed Security Awareness Training)
Motivation: Data Theft for Follow-on Attacks (e.g., Spear Phishing, Vishing), Potential Financial Gain via Stolen Data
Common Attack Types: The most common type of attack the company has faced is Breach.
Identification of Attack Vectors: The attack vectors recorded across these incidents are: third-party vendor access, the DoorDash for Business platform (Budget Name input field), third-party service provider credentials obtained via social engineering, social engineering of a DoorDash employee, a phishing email targeting a DoorDash employee, and employee credential compromise.

Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information

Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts

Customer Complaints: Unauthorized account access, Fraudulent charges

Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers

Data Compromised: None
Systems Affected: DoorDash for Business Platform, Email Servers ([email protected])
Operational Impact: Risk of Phishing Attacks Targeting Customers/Merchants/General Public, Dispute Over Vulnerability Disclosure Process
Brand Reputation Impact: Negative Publicity Due to Disclosure Dispute, Perception of Weak Security Practices, Comparison to Uber's 2022 Email Spoofing Flaw
Identity Theft Risk: Low (Required User Interaction via Phishing)
Payment Information Risk: Low (Required User Interaction via Phishing)

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses, Order history hashes, Last four digits of payment cards (dashers only)
Operational Impact: Increased risk of phishing/smishing/vishing attacks; reputational harm; customer notification efforts
Customer Complaints: Expected increase due to phishing risks
Brand Reputation Impact: Moderate (trust erosion, media coverage)
Identity Theft Risk: Low (no SSNs, full payment cards, or government IDs exposed)
Payment Information Risk: Low (only last four digits of payment cards for Dashers)

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses
Operational Impact: Minimal (Access Revoked Immediately)
Customer Complaints: Backlash on Reddit for Downplaying Severity of Exposed Data (e.g., Names and Home Addresses as 'Non-Sensitive')
Brand Reputation Impact: Negative (Criticism for Data Handling, Stock Volatility)
Identity Theft Risk: No Indication of Misuse (as of Disclosure)
Payment Information Risk: None (Payment Information Not Exposed)

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses
Systems Affected: Internal systems (unspecified)
Operational Impact: Notification process to affected users (mid-to-late November 2025), partnership with security firms for investigation
Revenue Loss: Minor stock dip reported
Brand Reputation Impact: Negative; erosion of trust in gig economy platforms, potential regulatory scrutiny
Legal Liabilities: Possible fines or mandated audits under regulations like CCPA; historical context of lawsuits from 2019 breach
Identity Theft Risk: High (exposed PII can be used for phishing, spear-phishing, or cross-referencing with other databases)
Payment Information Risk: Low (DoorDash confirmed no credit card details or passwords were accessed)

Data Compromised: Names, Physical addresses, Email addresses, Phone numbers
Operational Impact: Potential Increased Risk of Follow-on Attacks (Spear Phishing/Vishing)
Brand Reputation Impact: High (High-Visibility Breach Undermining Trust in Security Posture)
Identity Theft Risk: Moderate (Exposed PII Could Enable Targeted Scams)
Payment Information Risk: None (Confirmed Not Accessed)
Commonly Compromised Data Types: Across the recorded incidents the data types most commonly compromised are names, email addresses, phone numbers, delivery/physical addresses, basic order information or order history, hashed (and salted) passwords, last four digits of credit cards, last four digits of bank accounts, driver's license numbers, and other personally identifiable information (PII) and contact details; the email-spoofing vulnerability compromised no data.

Entity Name: DoorDash
Entity Type: Company
Industry: Food Delivery
Customers Affected: 4900000

Entity Name: DoorDash
Entity Type: Company
Industry: Food Delivery
Customers Affected: Dozens

Entity Name: DoorDash, Inc.
Entity Type: Company
Industry: Food Delivery
Location: California
Customers Affected: 41740

Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology (On-Demand Services)
Location: San Francisco, California, USA
Size: Large (Public Company, ~10,000+ Employees)
Customers Affected: Potentially All DoorDash Users + General Public (via Spoofed Emails)

Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / Logistics
Location: United States (Global Operations)
Customers Affected: 4.9 million (customers, drivers, merchants)

Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / E-Commerce
Location: United States (HQ: San Francisco, CA)
Size: Large (Publicly Traded, NYSE: DASH)
Customers Affected: Certain Users (Dashers and Merchants)

Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Gig Economy / Technology
Location: United States (primary market)
Size: Over 30 million users (customers, Dashers, merchants)
Customers Affected: Unspecified number (potentially large, given user base)

Entity Name: DoorDash Customers
Entity Type: Individuals
Location: Primarily United States
Customers Affected: Personal data exposed

Entity Name: Dashers (Delivery Workers)
Entity Type: Gig Workers
Industry: Food Delivery
Location: United States
Customers Affected: Personal data exposed (including physical addresses, raising safety concerns)

Entity Name: Merchants
Entity Type: Businesses
Industry: Food Service
Location: United States
Customers Affected: Personal/contact data exposed

Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / Food Delivery
Location: Global (Primarily USA)

Containment Measures: Disabled the vendor's access to their system and contained the incident.

Communication Strategy: Notified all affected individuals through the mail

Incident Response Plan Activated: Yes (After 15+ Months of Inaction)
Third Party Assistance: HackerOne (Bug Bounty Platform).
Containment Measures: Patch Applied to Input Validation in DoorDash for Business Backend, HTML Sanitization in Email Templates
Remediation Measures: Closed Vulnerable Budget Name Input Field, Enhanced Email Template Rendering Security
Communication Strategy: Public Statement to BleepingComputer, No Direct Customer Notification Mentioned

Incident Response Plan Activated: True
Containment Measures: Blocked unauthorized access
Recovery Measures: Notifying affected users via in-app/email
Communication Strategy: Public blog post, Direct notifications to affected users, Media statements

Incident Response Plan Activated: Yes (Access Revoked, Users Notified)
Law Enforcement Notified: Yes (Investigation Ongoing)
Containment Measures: Immediate Access Revocation
Remediation Measures: Reinforced Employee Training, Strengthened Authentication Protocols
Communication Strategy: Public Notice to Users (November 13, 2023)

Incident Response Plan Activated: Yes (swift action upon discovery)
Third Party Assistance: Partnerships with security firms for investigation and defense fortification
Containment Measures: Employee verification process enhancements, System access reviews
Remediation Measures: User notifications (email), Free credit monitoring via Experian (1 year)
Communication Strategy: Public statements downplaying severity; emails to affected users with mitigation advice (password updates, account monitoring)
Enhanced Monitoring: Implemented for employee access and unusual activity

Incident Response Plan Activated: True
Containment Measures: Detection of Intrusion on 2025-10-25, Access Containment (Timing Unspecified)
Communication Strategy: Public Disclosure in November 2025, Advisory on Compromised Data Types
Enhanced Monitoring: AI-Driven Threat Detection (e.g., Seceon aiXDR Recommended)
Incident Response Plan: Across the recorded incidents the company's incident response plan is described as: Yes (After 15+ Months of Inaction); Yes (Access Revoked, Users Notified); Yes (swift action upon discovery).
Third-Party Assistance: The company has involved third parties in incident response through HackerOne (Bug Bounty Platform) and partnerships with security firms for investigation and defense fortification.

Type of Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information
Personally Identifiable Information: names, email addresses, delivery addresses, phone numbers

Type of Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts
Number of Records Exposed: 4900000

Type of Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers
Number of Records Exposed: 41740
Sensitivity of Data: High

Type of Data Compromised: None
Number of Records Exposed: 0
Sensitivity of Data: None
Data Exfiltration: No
Personally Identifiable Information: None

Type of Data Compromised: Personal identifiable information (pii), Contact information, Partial payment data
Number of Records Exposed: 4.9 million
Sensitivity of Data: Moderate (no full financial or government ID data)
Personally Identifiable Information: Names, Email Addresses, Phone Numbers, Physical Addresses

Type of Data Compromised: Personal information (pii)
Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)
Data Exfiltration: Likely (Unauthorized Access Confirmed)
Personally Identifiable Information: Names, Email Addresses, Phone Numbers, Physical Addresses

Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: Unspecified (potentially large, given 30M+ user base)
Sensitivity of Data: Moderate (no financial data or passwords, but PII can enable phishing/identity theft)
Data Exfiltration: Likely (data accessed by unauthorized party)
Personally Identifiable Information: Names, Email addresses, Phone numbers, Physical addresses

Type of Data Compromised: Personal identifiable information (pii)
Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)
Personally Identifiable Information: Names, Physical Addresses, Email Addresses, Phone Numbers
Prevention of Data Exfiltration: The measures recorded against data exfiltration and its consequences are: closing the vulnerable Budget Name input field; enhancing email template rendering security; reinforcing employee training; strengthening authentication protocols; user notifications (email); free credit monitoring via Experian (1 year).
Handling of PII Incidents: The company's recorded handling of PII incidents consists of: disabling the vendor's access to its systems and containing the incident; patching input validation in the DoorDash for Business backend and sanitizing HTML in email templates; blocking unauthorized access; immediate access revocation; employee verification process enhancements and system access reviews; detection of the intrusion on 2025-10-25 with access containment (timing unspecified).
Data Recovery from Ransomware: Not applicable; none of the recorded incidents involved ransomware or data encryption.

Legal Actions: Researcher Banned from DoorDash Bug Bounty Program

Regulatory Notifications: Expected under state breach-notification laws (e.g., California Consumer Privacy Act)

Regulations Violated: Potential violations of California Consumer Privacy Act (CCPA)
Legal Actions: Possible (historical context of lawsuits from 2019 breach)
Ensuring Regulatory Compliance: The recorded legal and regulatory items are the banning of the researcher from the DoorDash bug bounty program (email-spoofing vulnerability) and possible legal action in light of the lawsuits that followed the 2019 breach; no specific compliance program is described.

Lessons Learned: Importance of Timely Vulnerability Triage and Patch Management, Need for Clear Communication Channels Between Researchers and Companies, Risks of Misaligned Expectations in Bug Bounty Programs (Scope vs. Compensation), Ethical Boundaries in Vulnerability Disclosure (Extortion vs. Good Faith Reporting), Criticality of Input Validation in Customer-Facing Systems (Even 'Non-Critical' Fields Like Budget Names)

Lessons Learned: Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials., Social engineering continues to be a dominant attack method, bypassing technical controls., Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure., Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.

Lessons Learned: Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).

Lessons Learned: Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential., Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories., Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches., Data minimization strategies can reduce breach impacts by limiting stored PII.

Lessons Learned: Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses., Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time., Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise., Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

Recommendations: Use unique passwords for different accounts, Enable two-factor authentication

Recommendations: Expand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor Platforms

Recommendations: Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors. Enforce least-privilege access principles to limit exposure from compromised credentials. Conduct regular security awareness training focused on social engineering tactics. Monitor for unusual activity in third-party vendor accounts with access to sensitive systems. Users should enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels. Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.

Recommendations: Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems. Conduct regular phishing/social engineering simulations for employees. Enhance transparency in breach disclosures to address public concerns about data sensitivity. Monitor dark web for potential misuse of exposed data.

Recommendations: Implement zero-trust security models to eliminate implicit trust in users/devices. Enforce multi-factor authentication (MFA) for all employee and third-party access. Conduct regular phishing/social engineering simulations to test employee vigilance. Adopt AI-driven anomaly detection to flag unusual access patterns in real time. Strengthen third-party vendor security audits to mitigate supply chain risks. Enhance data minimization practices to limit exposure of non-essential PII. Improve transparency in breach disclosures, including timely updates on affected user counts. Invest in privacy-by-design frameworks to embed security into platform architecture.

Recommendations:
- Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment.
- Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries).
- Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities.
- Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts).
- Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios.
- Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.
Key Lessons Learned: The key lessons learned from past incidents are:
- Importance of timely vulnerability triage and patch management.
- Need for clear communication channels between researchers and companies.
- Risks of misaligned expectations in bug bounty programs (scope vs. compensation).
- Ethical boundaries in vulnerability disclosure (extortion vs. good-faith reporting).
- Criticality of input validation in customer-facing systems, even in "non-critical" fields like budget names.
- Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials.
- Social engineering continues to be a dominant attack method, bypassing technical controls.
- Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure.
- Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.
- Importance of robust authentication protocols and employee training to mitigate social engineering risks.
- Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).
- Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential.
- Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories.
- Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches.
- Data minimization strategies can reduce breach impacts by limiting stored PII.
- Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses.
- Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time.
- Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise.
- Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity:
- Conduct **regular phishing/social engineering simulations** to test employee vigilance.
- Enhance **data minimization practices** to limit exposure of non-essential PII.
- Strengthen **third-party vendor security audits** to mitigate supply chain risks.
- Improve **transparency in breach disclosures**, including timely updates on affected user counts.
- Enforce **multi-factor authentication (MFA)** for all employee and third-party access.
- Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time.
- Invest in **privacy-by-design frameworks** to embed security into platform architecture.
- Implement **zero-trust security models** to eliminate implicit trust in users/devices.

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources:

Source: California Office of the Attorney General
Date Accessed: 2019-09-27

Source: BleepingComputer
URL: https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/
Date Accessed: 2024-11-07

Source: Researcher's Public Vulnerability Report (doublezero7)

Source: HackerOne Report #2608277
Date Accessed: 2024-07-17 (Closed as Informative)

Source: DoorDash Official Blog

Source: Verizon Data Breach Investigations Report (DBIR)
URL: https://www.verizon.com/business/resources/reports/dbir/

Source: FBI Internet Crime Complaint Center (IC3)
URL: https://www.ic3.gov/

Source: IBM Cost of a Data Breach Report 2023
URL: https://www.ibm.com/reports/data-breach

Source: DoorDash Notice to Users
Date Accessed: 2023-11-13

Source: Reddit User Discussions
Date Accessed: 2023-11

Source: Shutterstock (Stock Performance Image)
URL: https://www.shutterstock.com
Date Accessed: 2023-11

Source: KELO.com

Source: CT Insider

Source: TechCrunch

Source: USA Today

Source: Seceon Inc Blog
URL: https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/

Investigation Status: Resolved (Vulnerability Patched, Disclosure Dispute Ongoing)

Investigation Status: Ongoing (collaboration with law enforcement)

Investigation Status: Ongoing (Law Enforcement Involved)

Investigation Status: Ongoing (in collaboration with external security firms)

Investigation Status: Contained (as of November 2025 disclosure)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: notification of all affected individuals by mail; a public statement to BleepingComputer; no direct customer notification mentioned; a public blog post; direct notifications to affected users; media statements; a public notice to users (November 13, 2023); public disclosure via media (KELO.com); public statements downplaying severity; emails to affected users with mitigation advice (password updates, account monitoring); and public disclosure in November 2025 with an advisory on compromised data types.

Stakeholder Advisories: Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses. Official notifications will never request passwords or full payment details.
Customer Advisories: Be wary of texts/calls/emails about the breach asking for clicks or login details. Navigate directly to the DoorDash app/website instead of clicking links. Enable MFA (preferably app-based) and monitor account activity. Check saved payment methods and update reused passwords.

Customer Advisories: Public Notice Issued (November 13, 2023)

Stakeholder Advisories: Users advised to update passwords, monitor accounts, and enable two-factor authentication.
Customer Advisories: Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.

Customer Advisories: Public Notification of Compromised PII (No Financial Data Exposed)
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses; official notifications will never request passwords or full payment details; be wary of texts/calls/emails about the breach asking for clicks or login details; navigate directly to the DoorDash app/website instead of clicking links; enable MFA (preferably app-based) and monitor account activity; check saved payment methods and update reused passwords; public notice issued (November 13, 2023); public notification via media (no direct advisory mentioned); users advised to update passwords, monitor accounts, and enable two-factor authentication; emails sent to affected individuals offering 1 year of free credit monitoring via Experian; public notification of compromised PII (no financial data exposed).

Entry Point: Third-party Vendor

Entry Point: DoorDash for Business Platform (Budget Name Input Field)
Reconnaissance Period: 15+ Months (From Initial Report to Patch)
Backdoors Established: No
High Value Targets: DoorDash Customers, Merchants, General Public (Via Spoofed Emails)
Data Sold on Dark Web: DoorDash Customers, Merchants, General Public (Via Spoofed Emails)

Entry Point: Third-party service provider credentials (obtained via social engineering)
Reconnaissance Period: Approximately two weeks before the breach
High Value Targets: Customer PII, Dasher Partial Payment Data
Data Sold on Dark Web: Customer PII, Dasher Partial Payment Data

Entry Point: Employee (Social Engineering)
High Value Targets: User Data (Dashers and Merchants)
Data Sold on Dark Web: User Data (Dashers and Merchants)

Entry Point: Phishing email targeting a DoorDash employee
High Value Targets: Internal Systems Containing Customer/Dasher/Merchant PII
Data Sold on Dark Web: Internal Systems Containing Customer/Dasher/Merchant PII

Entry Point: Social Engineering (Employee Credential Compromise)
High Value Targets: Customer/Dasher/Merchant Contact Databases
Data Sold on Dark Web: Customer/Dasher/Merchant Contact Databases

Root Causes: Credential Stuffing

Root Causes: Lack of input validation in budget name field; insufficient output encoding in email templates; delayed triage of vulnerability report (15+ months); breakdown in communication between researcher and DoorDash; misalignment on bug bounty program scope and compensation.
Corrective Actions: Patched input validation in DoorDash for Business backend; enhanced email template security (HTML sanitization); review of bug bounty program policies and scope; internal review of vulnerability disclosure processes.

Root Causes: Social engineering attack on a third-party vendor employee leading to credential compromise; insufficient safeguards against supply chain attacks (e.g., vendor access controls); lack of detection for unauthorized access over a two-week period.
Corrective Actions: Review and strengthen third-party vendor security protocols; enhance monitoring for unusual access patterns; expand employee training on social engineering threats; implement stricter authentication for high-risk systems.

Root Causes: Inadequate authentication safeguards for employee accounts; successful social engineering exploit targeting an employee.
Corrective Actions: Reinforced employee training on social engineering risks; strengthened authentication protocols (details unspecified).

Root Causes: Inadequate employee training on social engineering tactics; lack of enforced multi-factor authentication (MFA) for internal systems; systemic third-party risk management gaps (historical context from 2022 vendor breach); over-reliance on reactive measures rather than proactive security postures.
Corrective Actions: Enhanced employee verification processes; partnerships with security firms to audit and fortify defenses; potential adoption of zero-trust architectures and AI-driven monitoring (recommended).

Root Causes: Successful social engineering attack exploiting human trust/error; inadequate real-time detection of anomalous behavior post-credential compromise; over-reliance on security awareness training without technical controls for credential misuse.
Corrective Actions: Deployment of AI-driven XDR/UEBA solutions for behavioral analytics; enhanced monitoring of privileged access and data query patterns; automated response mechanisms (e.g., SOAR) to reduce dwell time; review of identity and access management (IAM) policies for least-privilege enforcement.
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: HackerOne (bug bounty platform); partnerships with security firms for investigation and defense fortification; implemented for employee access and unusual activity; AI-driven threat detection (e.g., Seceon aiXDR recommended).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis:
- Patched input validation in DoorDash for Business backend.
- Enhanced email template security (HTML sanitization).
- Review of bug bounty program policies and scope.
- Internal review of vulnerability disclosure processes.
- Review and strengthen third-party vendor security protocols.
- Enhance monitoring for unusual access patterns.
- Expand employee training on social engineering threats.
- Implement stricter authentication for high-risk systems.
- Reinforced employee training on social engineering risks.
- Strengthened authentication protocols (details unspecified).
- Enhanced employee verification processes.
- Partnerships with security firms to audit and fortify defenses.
- Potential adoption of zero-trust architectures and AI-driven monitoring (recommended).
- Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.
- Enhanced monitoring of privileged access and data query patterns.
- Automated response mechanisms (e.g., SOAR) to reduce dwell time.
- Review of identity and access management (IAM) policies for least-privilege enforcement.
Last Attacking Group: The attacking group in the last incident was described as an unauthorized user, an unauthorized individual (unknown), and an unidentified unauthorized third party.
Most Recent Incident Detected: The most recent incident detected was on 2019-09-27.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11.
Most Recent Incident Resolved: The most recent incident resolved was on 2024-11-03.
Most Significant Data Compromised: The most significant data compromised in an incident were, per incident: names, email addresses, delivery addresses, phone numbers, basic order information, partial credit card information; email addresses, delivery addresses, order history, phone numbers, hashed and salted passwords, last four digits of credit cards, last four digits of bank accounts; names, email addresses, phone numbers, hashed passwords, driver's license numbers; none; names, email addresses, phone numbers, physical addresses, order history hashes, last four digits of payment cards (Dashers only); names, email addresses, phone numbers, physical addresses; customer personal information (non-sensitive); names, email addresses, phone numbers, physical addresses; and names, physical addresses, email addresses, phone numbers.
Most Significant System Affected: The most significant systems affected in an incident were the DoorDash for Business platform, email servers ([email protected]), and internal systems (unspecified).
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was HackerOne (bug bounty platform) and partnerships with security firms for investigation and defense fortification.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: disabled the vendor's access to their system and contained the incident; patch applied to input validation in DoorDash for Business backend; HTML sanitization in email templates; blocked unauthorized access; immediate access revocation; employee verification process enhancements; system access reviews; detection of intrusion on 2025-10-25; access containment (timing unspecified).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were hashed and salted passwords, hashed passwords, email addresses, driver's license numbers, last four digits of credit cards, last four digits of bank accounts, last four digits of payment cards (Dashers only), partial credit card information, order history, order history hashes, basic order information, phone numbers, names, physical addresses, delivery addresses, customer personal information (non-sensitive), and none.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.9M.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was: researcher banned from DoorDash bug bounty program; possible (historical context of lawsuits from 2019 breach).
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were:
- Conduct **regular phishing/social engineering simulations** to test employee vigilance.
- Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.
- Enhance transparency in breach disclosures to address public concerns about data sensitivity.
- Improve **transparency in breach disclosures**, including timely updates on affected user counts.
- Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment.
- Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts).
- Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time.
- Implement automated sanitization for all user-supplied input in email templates.
- Monitor dark web for exploitation of similar vulnerabilities in competitor platforms.
- Establish escalation protocols for disputed vulnerability reports.
- Train customer support on phishing risks stemming from spoofed emails.
- Provide transparent timelines for vulnerability remediation.
- Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels.
- Conduct regular phishing/social engineering simulations for employees.
- Enforce **multi-factor authentication (MFA)** for all employee and third-party access.
- Invest in **privacy-by-design frameworks** to embed security into platform architecture.
- Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios.
- Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems.
- Conduct regular security awareness training focused on social engineering tactics.
- Enhance **data minimization practices** to limit exposure of non-essential PII.
- Conduct regular security audits of business logic abuse vectors.
- Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors.
- Monitor for unusual activity in third-party vendor accounts with access to sensitive systems.
- Monitor dark web for potential misuse of exposed data.
- Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries).
- Enforce least-privilege access principles to limit exposure from compromised credentials.
- Expand bug bounty program scope to include email-related vulnerabilities.
- Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.
- Strengthen **third-party vendor security audits** to mitigate supply chain risks.
- Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities.
- Use unique passwords for different accounts.
- Enable two-factor authentication.
- Implement **zero-trust security models** to eliminate implicit trust in users/devices.
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, FBI Internet Crime Complaint Center (IC3), KELO.com, TechCrunch, Shutterstock (Stock Performance Image), BleepingComputer, DoorDash Official Blog, CT Insider, HackerOne Report #2608277, Seceon Inc Blog, IBM Cost of a Data Breach Report 2023, Verizon Data Breach Investigations Report (DBIR), Researcher's Public Vulnerability Report (doublezero7), USA Today, DoorDash Notice to Users and Reddit User Discussions.
Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/, https://www.verizon.com/business/resources/reports/dbir/, https://www.ic3.gov/, https://www.ibm.com/reports/data-breach, https://www.shutterstock.com, and https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (Vulnerability Patched, Disclosure Dispute Ongoing).
Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses; official notifications will never request passwords or full payment details; users advised to update passwords, monitor accounts, and enable two-factor authentication.
Most Recent Customer Advisory: The most recent customer advisories issued were: be wary of texts/calls/emails about the breach asking for clicks or login details; navigate directly to the DoorDash app/website instead of clicking links; enable MFA (preferably app-based) and monitor account activity; check saved payment methods and update reused passwords; public notice issued (November 13, 2023); public notification via media (no direct advisory mentioned); emails sent to affected individuals offering 1 year of free credit monitoring via Experian; and public notification of compromised PII (no financial data exposed).
Most Recent Entry Point: The most recent entry points used by an initial access broker were: phishing email targeting a DoorDash employee; employee (social engineering); DoorDash for Business platform (budget name input field); social engineering (employee credential compromise); social engineering (employee targeted); third-party service provider credentials (obtained via social engineering); and third-party vendor.
Most Recent Reconnaissance Period: The most recent reconnaissance periods for an incident were 15+ months (from initial report to patch) and approximately two weeks before the breach.
Most Significant Root Cause: The most significant root causes identified in post-incident analysis were, per incident: credential stuffing; lack of input validation in budget name field, insufficient output encoding in email templates, delayed triage of vulnerability report (15+ months), breakdown in communication between researcher and DoorDash, misalignment on bug bounty program scope and compensation; social engineering attack on a third-party vendor employee leading to credential compromise, insufficient safeguards against supply chain attacks (e.g., vendor access controls), lack of detection for unauthorized access over a two-week period; inadequate authentication safeguards for employee accounts, successful social engineering exploit targeting an employee; employee susceptibility to social engineering; inadequate employee training on social engineering tactics, lack of enforced multi-factor authentication (MFA) for internal systems, systemic third-party risk management gaps (historical context from 2022 vendor breach), over-reliance on reactive measures rather than proactive security postures; successful social engineering attack exploiting human trust/error, inadequate real-time detection of anomalous behavior post-credential compromise, over-reliance on security awareness training without technical controls for credential misuse.
Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were, per incident: patched input validation in DoorDash for Business backend, enhanced email template security (HTML sanitization), review of bug bounty program policies and scope, internal review of vulnerability disclosure processes; review and strengthen third-party vendor security protocols, enhance monitoring for unusual access patterns, expand employee training on social engineering threats, implement stricter authentication for high-risk systems; reinforced employee training on social engineering risks, strengthened authentication protocols (details unspecified); enhanced employee verification processes, partnerships with security firms to audit and fortify defenses, potential adoption of zero-trust architectures and AI-driven monitoring (recommended); deployment of AI-driven XDR/UEBA solutions for behavioral analytics, enhanced monitoring of privileged access and data query patterns, automated response mechanisms (e.g., SOAR) to reduce dwell time, review of identity and access management (IAM) policies for least-privilege enforcement.
Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler.
Root cause: The commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution.
Impact: This vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to:
* Run any shell command.
* Exfiltrate environment variables.
* Compromise the CI runner to install backdoors or modify build artifacts.
Credits: Disclosed responsibly by kny4hacker.
Mitigation:
* Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher.
* Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher.
* Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
