ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

DoorDash for Business Company CyberSecurity Posture

doordash.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

DoorDash for Business, a product of DoorDash, specializes in end-to-end delivery for every corporate food need. Our fast and easy meal program provides unparalleled service and quality for all sizes of companies and all types of occasions. This page is not being monitored for Help & Support requests. For all requests, please visit: https://help.doordash.com/business/s/work-support?language=en_US

DoorDash for Business A.I CyberSecurity Scoring

DB

Company Details

Linkedin ID:

doordash-for-business

Website:

https://business.doordash.com/

Employees number:

79

Number of followers:

3,070

NAICS:

513

Industry Type:

Technology, Information and Internet

Homepage:

doordash.com

IP Addresses:

0

Company ID:

DOO_2106142

Scan Status:

In-progress

AI scoreDB Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/doordash-for-business.jpeg
DB Technology, Information and Internet
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreDB Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/doordash-for-business.jpeg
DB Technology, Information and Internet
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

DB Company CyberSecurity News & History

Past Incidents
13
Attack Types
2
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
DoorDashBreach50109/2018
DOO232301022
Rankiteo Explanation :
Attack without any consequences

Description: Food delivery startup DoorDash customer's accounts have been hacked. Dozens of people have tweeted that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. The hackers changed their email addresses. There has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials.

DoorDashBreach80408/2022
DOO0162922
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Food delivery firm DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems. As a response, they disabled the vendor's access to their system and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.

DoorDashBreach85410/2025
DOO5593355112025
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: DoorDash confirmed a cybersecurity incident where hackers accessed a database containing personal contact details of New York users, including full names, phone numbers, email addresses, and physical addresses. The breach originated in October when an employee fell for a **social engineering scam**, allowing unauthorized access. While DoorDash assured that no highly sensitive data (e.g., Social Security numbers, government IDs, driver’s licenses, or payment card information) was compromised, the exposed information still poses risks like phishing, identity theft, or targeted scams. The company responded by shutting down the attacker’s access, launching an investigation, involving law enforcement, and enhancing employee training to prevent future incidents. A dedicated helpline (1-833-918-8030, reference code **B155060**) was set up for affected users.

DoorDashBreach85409/2019
DOO15123922
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail.

DoorDash Inc.Breach8545/2019
DOO231072825
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: The Washington State Office of the Attorney General reported a data breach involving DoorDash Inc. on September 26, 2019. The breach, which was discovered on September 5, 2019, resulted from unauthorized access on May 4, 2019, affecting 2,243 Washington residents and compromising user data such as names, email addresses, phone numbers, and driver's license numbers.

DoorDash, Inc.Breach8545/2019
DOO622072825
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.

DoorDashBreach85411/2025
DOO5993759111725
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: DoorDash experienced a data breach affecting **4.9 million customers, drivers (Dashers), and merchants** after an attacker exploited credentials from a **third-party vendor** to gain unauthorized access. Exposed data included **names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards** for Dashers. While **no full financial details, SSNs, or government IDs were compromised**, the leaked contact information heightens risks of **targeted phishing, smishing (SMS scams), and vishing (voice fraud)**, with attackers potentially impersonating DoorDash support or merchants. The breach originated from **social engineering**, tricking an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users, though no direct fraud or identity theft has been confirmed yet. The incident underscores vulnerabilities in **supply chain attacks** and the persistent threat of human manipulation in breaches.

DoorDashBreach8546/2019
DOO3603136112725
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: DoorDash, a leading food delivery platform, experienced a significant data breach in October 2025 due to a **social engineering attack** where a scammer manipulated an employee into granting unauthorized access to company systems. The breach exposed **personal information of millions of customers**, including **names, addresses, phone numbers, and email addresses**—though no financial data (e.g., credit card numbers or Social Security numbers) was compromised. The stolen data heightens risks of **spear-phishing attacks**, where scammers exploit the leaked details to craft convincing fraudulent messages, tricking victims into divulging further sensitive information or clicking malware-laden links. This marks DoorDash’s **third major breach since 2019**, raising concerns over recurring vulnerabilities in its security protocols. The company delayed notifying affected users for **19 days**, exacerbating potential fallout. While the exposed data is not highly sensitive, the scale and exploitation risk—combined with DoorDash’s history of breaches—underscore systemic weaknesses in safeguarding customer trust.

DoorDashBreach8546/2019
DOO5203452112125
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: In October 2025, DoorDash suffered a **sophisticated social engineering attack** where an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised **personal information**—including names, email addresses, phone numbers, and physical addresses—of an unspecified number of **customers, delivery workers (Dashers), and merchants**. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks for **phishing, identity theft, and targeted scams**. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent vulnerabilities in **employee training and third-party risk management**. The company offered **free credit monitoring** but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy’s cybersecurity, with potential **reputational damage, regulatory scrutiny, and heightened risks for affected users** (e.g., Dashers’ physical safety).

DoorDashBreach8545/2025
DOO4293042111925
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses.

DoorDashBreach85410/2025
DOO4104241112725
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities.

DoorDashVulnerability5027/2023
DOO2492524111725
Rankiteo Explanation :
Attack limited on finance or reputation:

Description: A vulnerability in **DoorDash’s systems** allowed threat actors to exploit an unpatched flaw in the **DoorDash for Business** platform, enabling them to send **fully branded, official-looking emails** from **[email protected]** by injecting arbitrary HTML into the 'Budget name' input field. This created a **highly convincing phishing channel**, as emails bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in **July 2023**, remained unpatched for **over 15 months** due to disputes over disclosure ethics and financial demands. While no **direct data breach** or **internal system access** occurred, the vulnerability posed a **significant reputational and financial risk** by facilitating **large-scale phishing attacks** targeting customers, merchants, or arbitrary recipients. The company eventually patched the issue in **November 2024** after public pressure, but the researcher was banned from DoorDash’s bug bounty program amid accusations of extortion. The incident highlights tensions between **responsible disclosure** and **corporate response protocols** in cybersecurity.

DoorDashBreach60310/2025
DOO5632556111825
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: DoorDash disclosed a **cybersecurity incident** on **November 13**, confirming a **data breach** caused by a **social engineering attack** targeting an employee on **October 25**. The unauthorized access exposed **personal information** of certain users, including **Dashers and merchants**, such as **names, email addresses, phone numbers, and physical addresses**. While DoorDash stated that **no sensitive data (payment details, government IDs, or Social Security numbers)** was compromised and no evidence of misuse (fraud/identity theft) was found, the breach sparked **public backlash** for downplaying the severity of exposed data (e.g., home addresses labeled as 'non-sensitive').The company **revoked access immediately**, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is **reinforcing employee training** and **strengthening authentication protocols**. The incident coincides with **stock volatility** (down **21% this month**) and a separate **$18M legal settlement** with Chicago over deceptive business practices, adding to operational and reputational pressures.

DoorDash
Breach
Severity: 50
Impact: 1
Seen: 09/2018
Blog:
DOO232301022
Rankiteo Explanation
Attack without any consequences

Description: Food delivery startup DoorDash customer's accounts have been hacked. Dozens of people have tweeted that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. The hackers changed their email addresses. There has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials.

DoorDash
Breach
Severity: 80
Impact: 4
Seen: 08/2022
Blog:
DOO0162922
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Food delivery firm DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems. As a response, they disabled the vendor's access to their system and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 10/2025
Blog:
DOO5593355112025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: DoorDash confirmed a cybersecurity incident where hackers accessed a database containing personal contact details of New York users, including full names, phone numbers, email addresses, and physical addresses. The breach originated in October when an employee fell for a **social engineering scam**, allowing unauthorized access. While DoorDash assured that no highly sensitive data (e.g., Social Security numbers, government IDs, driver’s licenses, or payment card information) was compromised, the exposed information still poses risks like phishing, identity theft, or targeted scams. The company responded by shutting down the attacker’s access, launching an investigation, involving law enforcement, and enhancing employee training to prevent future incidents. A dedicated helpline (1-833-918-8030, reference code **B155060**) was set up for affected users.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 09/2019
Blog:
DOO15123922
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail.

DoorDash Inc.
Breach
Severity: 85
Impact: 4
Seen: 5/2019
Blog:
DOO231072825
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Washington State Office of the Attorney General reported a data breach involving DoorDash Inc. on September 26, 2019. The breach, which was discovered on September 5, 2019, resulted from unauthorized access on May 4, 2019, affecting 2,243 Washington residents and compromising user data such as names, email addresses, phone numbers, and driver's license numbers.

DoorDash, Inc.
Breach
Severity: 85
Impact: 4
Seen: 5/2019
Blog:
DOO622072825
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Blog:
DOO5993759111725
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: DoorDash experienced a data breach affecting **4.9 million customers, drivers (Dashers), and merchants** after an attacker exploited credentials from a **third-party vendor** to gain unauthorized access. Exposed data included **names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards** for Dashers. While **no full financial details, SSNs, or government IDs were compromised**, the leaked contact information heightens risks of **targeted phishing, smishing (SMS scams), and vishing (voice fraud)**, with attackers potentially impersonating DoorDash support or merchants. The breach originated from **social engineering**, tricking an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users, though no direct fraud or identity theft has been confirmed yet. The incident underscores vulnerabilities in **supply chain attacks** and the persistent threat of human manipulation in breaches.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 6/2019
Blog:
DOO3603136112725
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: DoorDash, a leading food delivery platform, experienced a significant data breach in October 2025 due to a **social engineering attack** where a scammer manipulated an employee into granting unauthorized access to company systems. The breach exposed **personal information of millions of customers**, including **names, addresses, phone numbers, and email addresses**—though no financial data (e.g., credit card numbers or Social Security numbers) was compromised. The stolen data heightens risks of **spear-phishing attacks**, where scammers exploit the leaked details to craft convincing fraudulent messages, tricking victims into divulging further sensitive information or clicking malware-laden links. This marks DoorDash’s **third major breach since 2019**, raising concerns over recurring vulnerabilities in its security protocols. The company delayed notifying affected users for **19 days**, exacerbating potential fallout. While the exposed data is not highly sensitive, the scale and exploitation risk—combined with DoorDash’s history of breaches—underscore systemic weaknesses in safeguarding customer trust.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 6/2019
Blog:
DOO5203452112125
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: In October 2025, DoorDash suffered a **sophisticated social engineering attack** where an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised **personal information**—including names, email addresses, phone numbers, and physical addresses—of an unspecified number of **customers, delivery workers (Dashers), and merchants**. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks for **phishing, identity theft, and targeted scams**. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent vulnerabilities in **employee training and third-party risk management**. The company offered **free credit monitoring** but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy’s cybersecurity, with potential **reputational damage, regulatory scrutiny, and heightened risks for affected users** (e.g., Dashers’ physical safety).

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Blog:
DOO4293042111925
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses.

DoorDash
Breach
Severity: 85
Impact: 4
Seen: 10/2025
Blog:
DOO4104241112725
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities.

DoorDash
Vulnerability
Severity: 50
Impact: 2
Seen: 7/2023
Blog:
DOO2492524111725
Rankiteo Explanation
Attack limited on finance or reputation:

Description: A vulnerability in **DoorDash’s systems** allowed threat actors to exploit an unpatched flaw in the **DoorDash for Business** platform, enabling them to send **fully branded, official-looking emails** from **[email protected]** by injecting arbitrary HTML into the 'Budget name' input field. This created a **highly convincing phishing channel**, as emails bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in **July 2023**, remained unpatched for **over 15 months** due to disputes over disclosure ethics and financial demands. While no **direct data breach** or **internal system access** occurred, the vulnerability posed a **significant reputational and financial risk** by facilitating **large-scale phishing attacks** targeting customers, merchants, or arbitrary recipients. The company eventually patched the issue in **November 2024** after public pressure, but the researcher was banned from DoorDash’s bug bounty program amid accusations of extortion. The incident highlights tensions between **responsible disclosure** and **corporate response protocols** in cybersecurity.

DoorDash
Breach
Severity: 60
Impact: 3
Seen: 10/2025
Blog:
DOO5632556111825
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: DoorDash disclosed a **cybersecurity incident** on **November 13**, confirming a **data breach** caused by a **social engineering attack** targeting an employee on **October 25**. The unauthorized access exposed **personal information** of certain users, including **Dashers and merchants**, such as **names, email addresses, phone numbers, and physical addresses**. While DoorDash stated that **no sensitive data (payment details, government IDs, or Social Security numbers)** was compromised and no evidence of misuse (fraud/identity theft) was found, the breach sparked **public backlash** for downplaying the severity of exposed data (e.g., home addresses labeled as 'non-sensitive').The company **revoked access immediately**, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is **reinforcing employee training** and **strengthening authentication protocols**. The incident coincides with **stock volatility** (down **21% this month**) and a separate **$18M legal settlement** with Chicago over deceptive business practices, adding to operational and reputational pressures.

Ailogo

DB Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for DB

Incidents vs Technology, Information and Internet Industry Average (This Year)

DoorDash for Business has 26.58% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

DoorDash for Business has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types DB vs Technology, Information and Internet Industry Avg (This Year)

DoorDash for Business reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.

Incident History — DB (X = Date, Y = Severity)

DB cyber incidents detection timeline including parent company and subsidiaries

DB Company Subsidiaries

SubsidiaryImage

DoorDash for Business, a product of DoorDash, specializes in end-to-end delivery for every corporate food need. Our fast and easy meal program provides unparalleled service and quality for all sizes of companies and all types of occasions. This page is not being monitored for Help & Support requests. For all requests, please visit: https://help.doordash.com/business/s/work-support?language=en_US

similarCompanies

DB Similar Companies

Binance
binance.com

Binance is the world’s leading blockchain ecosystem and cryptocurrency infrastructure provider with a product suite that includes the world's largest digital asset exchange and much more. Trusted by over 200 millions of users worldwide, the Binance platform is dedicated to increasing the freedom of

Security Report Compare
The Death Star
starwars.com

The mission of the Death Star is to keep the local systems "in line". As we have recently dissolved our Board of Directors, there is little resistance to our larger goal of universal domination. Our Stormtroopers are excellent shots and operate with our Navy, and are fielded like marines - sep

Security Report Compare
Primary School
primaryschool.com.au

www.primaryschool.com.au is a directory of sites for students and lesson plans and reference material for teachers and parents. It is currently averaging up to 350,000 unique visitors a month and has over 44,000 subscribers to its free weekly newsletter which showcases the latest internet based reso

Security Report Compare

At eBay, we create pathways to connect millions of sellers and buyers in more than 190 markets around the world. Our technology empowers our customers, providing everyone the opportunity to grow and thrive — no matter who they are or where they are in the world. And the ripple effect of our work cre

Security Report Compare
Booking Holdings (NASDAQ: BKNG)
bookingholdings.com

Booking Holdings is the world’s leading provider of online travel & related services, provided to consumers and local partners in more than 220 countries and territories through six primary consumer-facing brands: Booking.com, Priceline, Agoda, Rentalcars.com, KAYAK and OpenTable. Collectively, Book

Security Report Compare
Sohu.com
sohu.com

Sohu.com Inc. (NASDAQ: SOHU) is China's premier online brand and indispensable to the daily life of millions of Chinese, providing a network of web properties and community based/web 2.0 products which offer the vast Sohu user community a broad array of choices regarding information, entertainment a

Security Report Compare

Fanatics is a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowi

Security Report Compare
Jumia Group
jumia.com

Jumia (NYSE :JMIA) is a leading e-commerce platform in Africa. It is built around a marketplace, Jumia Logistics, and JumiaPay. The marketplace helps millions of consumers and sellers to connect and transact. Jumia Logistics enables the delivery of millions of packages through our network of local p

Security Report Compare
IndiaMART InterMESH Limited
indiamart.com

IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since

Security Report Compare
newsone

DB CyberSecurity News

November 22, 2025 10:31 AM
DoorDash Suffers Data Breach Exposing User Contact Information, Blames Social Engineering Attack

DoorDash has confirmed a data breach that exposed personal contact details of users across its platform, including customers,...

Read Article
November 22, 2025 02:40 AM
DoorDash Hit With Suit Over Breach Of Customer, Dasher Data

Delivery service DoorDash failed to delete old data and take other necessary steps to protect the personal information of customers,...

Read Article
November 21, 2025 04:00 PM
DoorDash Confirms Data Breach After Social Engineering Attack on Employee

Food and retail delivery company DoorDash has confirmed a data breach that compromised consumers' and business partners' information after...

Read Article
November 20, 2025 07:31 PM
DoorDash confirms user data theft for an unknown number of customers

Popular iPhone app and delivery service DoorDash, has confirmed that hackers have stolen personal information, and is informing those...

Read Article
November 20, 2025 06:33 PM
DoorDash Data Breach Exposes Customer Info After Employee Scam

DoorDash has confirmed a data breach caused by a social engineering attack that exposed customer information but stopped short of leaking...

Read Article
November 20, 2025 01:49 PM
A Strange DoorDash Breach Has New York Wondering What’s Next

DoorDash is alerting New Yorkers that scammers may have accessed your personal information. It started with one employee falling for a scam.

Read Article
November 20, 2025 01:03 PM
DoorDash 2025 Data Breach Exposes Customer Info in Social Engineering Attack

In the fast-paced world of food delivery, where convenience is king, DoorDash has long positioned itself as a leader, serving millions...

Read Article
November 20, 2025 11:38 AM
DoorDash Data Breach Highlights the Human Weak Link in Cyber Defense

The DoorDash Data Breach underscores how human error remains the weakest link in cyber defense — and why improving employee awareness is critical.

Read Article
November 19, 2025 04:49 PM
DoorDash reports cybersecurity incident; Assures no sensitive data compromised

NATIONWIDE – DoorDash announced today, November 13, 2025, that it recently identified and contained a cybersecurity incident in which an...

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

DB CyberSecurity History Information

Official Website of DoorDash for Business

The official website of DoorDash for Business is https://business.doordash.com/.

DoorDash for Business’s AI-Generated Cybersecurity Score

According to Rankiteo, DoorDash for Business’s AI-generated cybersecurity score is 697, reflecting their Weak security posture.

How many security badges does DoorDash for Business’ have ?

According to Rankiteo, DoorDash for Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does DoorDash for Business have SOC 2 Type 1 certification ?

According to Rankiteo, DoorDash for Business is not certified under SOC 2 Type 1.

Does DoorDash for Business have SOC 2 Type 2 certification ?

According to Rankiteo, DoorDash for Business does not hold a SOC 2 Type 2 certification.

Does DoorDash for Business comply with GDPR ?

According to Rankiteo, DoorDash for Business is not listed as GDPR compliant.

Does DoorDash for Business have PCI DSS certification ?

According to Rankiteo, DoorDash for Business does not currently maintain PCI DSS compliance.

Does DoorDash for Business comply with HIPAA ?

According to Rankiteo, DoorDash for Business is not compliant with HIPAA regulations.

Does DoorDash for Business have ISO 27001 certification ?

According to Rankiteo,DoorDash for Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of DoorDash for Business

DoorDash for Business operates primarily in the Technology, Information and Internet industry.

Number of Employees at DoorDash for Business

DoorDash for Business employs approximately 79 people worldwide.

Subsidiaries Owned by DoorDash for Business

DoorDash for Business presently has no subsidiaries across any sectors.

DoorDash for Business’s LinkedIn Followers

DoorDash for Business’s official LinkedIn profile has approximately 3,070 followers.

NAICS Classification of DoorDash for Business

DoorDash for Business is classified under the NAICS code 513, which corresponds to Others.

DoorDash for Business’s Presence on Crunchbase

No, DoorDash for Business does not have a profile on Crunchbase.

DoorDash for Business’s Presence on LinkedIn

Yes, DoorDash for Business maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/doordash-for-business.

Cybersecurity Incidents Involving DoorDash for Business

As of November 27, 2025, Rankiteo reports that DoorDash for Business has experienced 13 cybersecurity incidents.

Number of Peer and Competitor Companies

DoorDash for Business has an estimated 12,520 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at DoorDash for Business ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Vulnerability.

How does DoorDash for Business detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disabled the vendor's access to their system and contained the incident., and communication strategy with notified all affected individuals through the mail, and incident response plan activated with yes (after 15+ months of inaction), and third party assistance with hackerone (bug bounty platform), and containment measures with patch applied to input validation in doordash for business backend, containment measures with html sanitization in email templates, and remediation measures with closed vulnerable budget name input field, remediation measures with enhanced email template rendering security, and communication strategy with public statement to bleepingcomputer, communication strategy with no direct customer notification mentioned, and and and containment measures with blocked unauthorized access, and recovery measures with notifying affected users via in-app/email, and communication strategy with public blog post, communication strategy with direct notifications to affected users, communication strategy with media statements, and incident response plan activated with yes (access revoked, users notified), and law enforcement notified with yes (investigation ongoing), and containment measures with immediate access revocation, and remediation measures with reinforced employee training, remediation measures with strengthened authentication protocols, and communication strategy with public notice to users (november 13, 2023), and communication strategy with public disclosure via media (kelo.com), and and and containment measures with shut down unauthorized access, and remediation measures with investigation launched, remediation measures with enhanced employee training, and recovery measures with dedicated helpline for affected users (1-833-918-8030), and communication strategy with public disclosure, communication strategy with helpline with reference code (b155060), and incident response plan activated with yes (swift action upon discovery), and third party assistance with partnerships with security firms for investigation and defense fortification, and containment measures with employee verification process enhancements, containment measures with system access reviews, and remediation measures with user notifications (email), remediation measures with free credit monitoring via experian (1 year), and communication strategy with public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring), and enhanced monitoring with implemented for employee access and unusual activity, and incident response plan activated with yes (delayed customer notification by 19 days), and remediation measures with customer notification emails, remediation measures with advisory for credit freezes/monitoring, remediation measures with password reset and 2fa recommendations, and communication strategy with email notifications, communication strategy with toll-free helpline (1-800-833-8030, ref: b155060), communication strategy with public advisory on phishing risks, and and containment measures with detection of intrusion on 2025-10-25, containment measures with access containment (timing unspecified), and communication strategy with public disclosure in november 2025, communication strategy with advisory on compromised data types, and enhanced monitoring with ai-driven threat detection (e.g., seceon aixdr recommended)..

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach

Description: DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.

Type: Data Breach

Attack Vector: Stolen Credentials

Vulnerability Exploited: Third-party Vendor Access

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach

Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail.

Type: Data Breach

Attack Vector: Unauthorized Access

Threat Actor: Unauthorized User

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach

Description: Unauthorized access to user data including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.

Date Detected: 2019-09-27

Date Publicly Disclosed: 2019-09-27

Type: Data Breach

Attack Vector: Unauthorized Access

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach

Description: The Washington State Office of the Attorney General reported a data breach involving DoorDash Inc. on September 26, 2019. The breach, which was discovered on September 5, 2019, resulted from unauthorized access on May 4, 2019, affecting 2,243 Washington residents and compromising user data such as names, email addresses, phone numbers, and driver's license numbers.

Date Detected: 2019-09-05

Date Publicly Disclosed: 2019-09-26

Type: Data Breach

Attack Vector: Unauthorized Access

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach Affecting 4.9 Million Users

Description: Restaurant and food delivery service DoorDash confirmed a data breach affecting 4.9 million customers, drivers, and merchants. An attacker used credentials obtained through a third-party service provider to gain unauthorized access to user data, including names, email addresses, delivery addresses (with phone numbers), order history hashes, and partial payment card details (last four digits). While no financial fraud or identity theft was confirmed, the exposed contact details increase the risk of targeted phishing, smishing, and vishing attacks. DoorDash blocked unauthorized access, notified law enforcement, and began alerting affected accounts.

Type: Data Breach

Attack Vector: Third-Party Vendor CompromiseCredential TheftSocial Engineering

Vulnerability Exploited: Human error (social engineering of third-party employee)

Motivation: Data TheftPotential Fraud Enablement

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach via Social Engineering Attack (October 2023)

Description: DoorDash disclosed a cybersecurity incident where an unauthorized person accessed personal information of certain users (including Dashers and merchants) through a social engineering attack targeting an employee. The breach occurred on October 25, 2023, and was publicly disclosed on November 13, 2023. Affected data included names, email addresses, phone numbers, and physical addresses, but no sensitive information like payment details, government IDs, or Social Security numbers was exposed. DoorDash revoked the unauthorized access, notified affected users, and is cooperating with law enforcement. The company is reinforcing employee training and authentication protocols to prevent future incidents.

Date Detected: 2023-10-25

Date Publicly Disclosed: 2023-11-13

Type: Data Breach

Attack Vector: Social Engineering (Employee Targeted)

Vulnerability Exploited: Human Error / Lack of Authentication Protocols

Threat Actor: Unauthorized Individual (Unknown)

Incident : Data Breach (Social Engineering)

measurementExposure impactImpact

Title: DoorDash Employee Falls Victim to Social Engineering Scam, Exposing Customer Data

Description: A DoorDash employee fell victim to a social engineering scam, resulting in unauthorized access to some customer data. Officials confirmed that no ID numbers or payment information was released in the breach.

Type: Data Breach (Social Engineering)

Attack Vector: Social Engineering

Vulnerability Exploited: Human Error (Employee Susceptibility to Social Engineering)

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Cybersecurity Incident Affecting New Yorkers

Description: DoorDash confirmed a cybersecurity incident where scammers accessed personal information of New Yorkers after an employee fell victim to a social engineering scam in October. The breach exposed names, phone numbers, email addresses, and physical addresses, but no sensitive data like Social Security numbers or payment information was compromised. DoorDash responded by shutting down unauthorized access, launching an investigation, and notifying law enforcement. They also set up a dedicated helpline (1-833-918-8030, reference code B155060) for affected users and committed to enhanced employee training to prevent future incidents.

Date Detected: 2023-10

Type: Data Breach

Attack Vector: Social Engineering (Phishing/Scam)

Vulnerability Exploited: Human Error (Employee Fell for Scam)

Threat Actor: Unknown (Scammers/Hackers)

Motivation: Unauthorized Data Access (Likely Financial or Data Theft)

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach via Social Engineering Attack (October 2025)

Description: A sophisticated social engineering attack compromised personal information of DoorDash customers, Dashers (delivery workers), and merchants in October 2025. An unauthorized third party tricked a DoorDash employee into granting access to internal systems, exposing names, email addresses, phone numbers, and physical addresses. While DoorDash downplayed the severity (claiming no credit card details, SSNs, or passwords were accessed), experts warn that exposed data can be weaponized for phishing, identity theft, or targeted scams. The breach highlights persistent vulnerabilities in employee training and third-party risk management within the gig economy.

Date Detected: Early October 2025

Date Publicly Disclosed: Mid-November 2025

Type: Data Breach

Attack Vector: Phishing/Social Engineering (employee manipulation to gain internal system access)

Vulnerability Exploited: Human error (employee susceptibility to scams), lack of robust multi-factor authentication (MFA) enforcement

Threat Actor: Unidentified unauthorized third party

Motivation: Data TheftPotential Financial Gain (via phishing/identity theft)Targeted Scams

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Data Breach via Social Engineering (October 2025)

Description: DoorDash, the food delivery app, suffered a major data breach in October 2025 due to social engineering, where a scammer convinced an employee to grant access to company data. The breach exposed personal information (names, addresses, phone numbers, email addresses) of millions of customers, putting them at risk of spear phishing and identity theft. This marks DoorDash's third major data breach since 2019. Notification to affected customers was delayed by 19 days.

Date Detected: 2025-10-01

Date Publicly Disclosed: 2025-10-20

Type: Data Breach

Attack Vector: Social Engineering

Vulnerability Exploited: Human Error (Employee Manipulation)

Threat Actor: Unidentified Scammer (Psychologically Skilled)

Motivation: Data Theft for Phishing/Scams

Incident : Data Breach

measurementExposure impactImpact

Title: DoorDash Social Engineering Data Breach (2025)

Description: In November 2025, DoorDash disclosed a data breach where an employee fell victim to a social engineering attack, leading to the compromise of customer, Dasher, and merchant personal information. The attackers gained unauthorized access using legitimate credentials obtained via manipulation, bypassing security awareness training. The breach exposed names, physical addresses, email addresses, and phone numbers but did not include sensitive data like Social Security numbers, driver’s license information, or payment card details. The incident underscores the vulnerability of human elements in cybersecurity and the need for AI-driven threat detection to mitigate dwell time and post-compromise risks.

Date Detected: 2025-10-25

Date Publicly Disclosed: 2025-11

Type: Data Breach

Attack Vector: Social EngineeringPhishing (Spear Phishing/Vishing)Compromised Credentials

Vulnerability Exploited: Human Trust and Error (Bypassed Security Awareness Training)

Motivation: Data Theft for Follow-on Attacks (e.g., Spear Phishing, Vishing)Potential Financial Gain via Stolen Data

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party Vendor, DoorDash for Business Platform (Budget Name Input Field), Third-party service provider credentials (obtained via social engineering), Employee (Social Engineering), Social Engineering (Employee Targeted), Employee (Social Engineering Scam), Phishing email targeting a DoorDash employee, Employee manipulation (social engineering) and Social Engineering (Employee Credential Compromise).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach DOO0162922

Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information

Incident : Data Breach DOO15123922

Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts

Incident : Data Breach DOO622072825

Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers

Incident : Data Breach DOO231072825

Data Compromised: Names, Email addresses, Phone numbers, Driver's license numbers

Incident : Data Breach DOO5993759111725

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses, Order history hashes, Last four digits of payment cards (dashers only)

Operational Impact: Increased risk of phishing/smishing/vishing attacks; reputational harm; customer notification efforts

Customer Complaints: Expected increase due to phishing risks

Brand Reputation Impact: Moderate (trust erosion, media coverage)

Identity Theft Risk: Low (no SSNs, full payment cards, or government IDs exposed)

Payment Information Risk: Low (only last four digits of payment cards for Dashers)

Incident : Data Breach DOO5632556111825

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses

Operational Impact: Minimal (Access Revoked Immediately)

Customer Complaints: Backlash on Reddit for Downplaying Severity of Exposed Data (e.g., Names and Home Addresses as 'Non-Sensitive')

Brand Reputation Impact: Negative (Criticism for Data Handling, Stock Volatility)

Identity Theft Risk: No Indication of Misuse (as of Disclosure)

Payment Information Risk: None (Payment Information Not Exposed)

Incident : Data Breach (Social Engineering) DOO4293042111925

Data Compromised: Customer personal information (non-sensitive)

Brand Reputation Impact: Potential Negative Impact (Public Disclosure of Breach)

Identity Theft Risk: Low (No ID Numbers or Payment Information Compromised)

Payment Information Risk: None (Officials Confirmed No Payment Information Exposed)

Incident : Data Breach DOO5593355112025

Data Compromised: Full names, Phone numbers, Email addresses, Physical addresses

Brand Reputation Impact: Potential Negative Impact (Public Disclosure of Breach)

Identity Theft Risk: Low (No Sensitive PII like SSNs or Payment Data Exposed)

Payment Information Risk: None (No Payment Data Accessed)

Incident : Data Breach DOO5203452112125

Data Compromised: Names, Email addresses, Phone numbers, Physical addresses

Systems Affected: Internal systems (unspecified)

Operational Impact: Notification process to affected users (mid-to-late November 2025), partnership with security firms for investigation

Revenue Loss: Minor stock dip reported

Brand Reputation Impact: Negative; erosion of trust in gig economy platforms, potential regulatory scrutiny

Legal Liabilities: Possible fines or mandated audits under regulations like CCPA; historical context of lawsuits from 2019 breach

Identity Theft Risk: High (exposed PII can be used for phishing, spear-phishing, or cross-referencing with other databases)

Payment Information Risk: Low (DoorDash confirmed no credit card details or passwords were accessed)

Incident : Data Breach DOO3603136112725

Data Compromised: Names, Addresses, Phone numbers, Email addresses

Customer Complaints: Expected (due to delayed notification and phishing risks)

Brand Reputation Impact: High (third breach since 2019, delayed disclosure)

Identity Theft Risk: High (spear phishing, scams using stolen PII)

Payment Information Risk: Low (no credit card/Social Security numbers exposed)

Incident : Data Breach DOO4104241112725

Data Compromised: Names, Physical addresses, Email addresses, Phone numbers

Operational Impact: Potential Increased Risk of Follow-on Attacks (Spear Phishing/Vishing)

Brand Reputation Impact: High (High-Visibility Breach Undermining Trust in Security Posture)

Identity Theft Risk: Moderate (Exposed PII Could Enable Targeted Scams)

Payment Information Risk: None (Confirmed Not Accessed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Email Addresses, Delivery Addresses, Phone Numbers, Basic Order Information, Partial Credit Card Information, , Email Addresses, Delivery Addresses, Order History, Phone Numbers, Hashed And Salted Passwords, Last Four Digits Of Credit Cards, Last Four Digits Of Bank Accounts, , Names, Email Addresses, Phone Numbers, Hashed Passwords, Driver'S License Numbers, , Names, Email Addresses, Phone Numbers, Driver'S License Numbers, , None, Personal Identifiable Information (Pii), Contact Information, Partial Payment Data, , Personal Information (Pii), , Personal Information (Non-Sensitive), , Personal Contact Details (Names, Phone Numbers, Emails, Physical Addresses), , Personally Identifiable Information (Pii), , Personally Identifiable Information (Pii), , Personal Identifiable Information (Pii) and .

Which entities were affected by each incident ?

Incident : Data Breach DOO0162922

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery

Incident : Data Breach DOO15123922

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery

Customers Affected: 4900000

Incident : Data Breach DOO622072825

Entity Name: DoorDash, Inc.

Entity Type: Company

Industry: Food Delivery

Location: California

Customers Affected: 41740

Incident : Data Breach DOO231072825

Entity Name: DoorDash Inc.

Entity Type: Company

Industry: Food Delivery

Location: Washington

Customers Affected: 2243

Incident : Data Breach DOO5993759111725

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / Logistics

Location: United States (Global Operations)

Customers Affected: 4.9 million (customers, drivers, merchants)

Incident : Data Breach DOO5632556111825

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / E-Commerce

Location: United States (HQ: San Francisco, CA)

Size: Large (Publicly Traded, NYSE: DASH)

Customers Affected: Certain Users (Dashers and Merchants)

Incident : Data Breach (Social Engineering) DOO4293042111925

Entity Name: DoorDash

Entity Type: Company

Industry: Food Delivery / Technology

Location: United States (Headquarters in San Francisco, CA)

Incident : Data Breach DOO5593355112025

Entity Name: DoorDash

Entity Type: Private Company

Industry: Food Delivery/Technology

Location: New York, USA (Affected Users: New Yorkers)

Customers Affected: New York-based Users (Exact Number Unspecified)

Incident : Data Breach DOO5203452112125

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Gig Economy / Technology

Location: United States (primary market)

Size: Over 30 million users (customers, Dashers, merchants)

Customers Affected: Unspecified number (potentially large, given user base)

Incident : Data Breach DOO5203452112125

Entity Name: DoorDash Customers

Entity Type: Individuals

Location: Primarily United States

Customers Affected: Personal data exposed

Incident : Data Breach DOO5203452112125

Entity Name: Dashers (Delivery Workers)

Entity Type: Gig Workers

Industry: Food Delivery

Location: United States

Customers Affected: Personal data exposed (including physical addresses, raising safety concerns)

Incident : Data Breach DOO5203452112125

Entity Name: Merchants

Entity Type: Businesses

Industry: Food Service

Location: United States

Customers Affected: Personal/contact data exposed

Incident : Data Breach DOO3603136112725

Entity Name: DoorDash

Entity Type: Private Company

Industry: Food Delivery/Tech

Location: Canada (and global customers)

Size: Large (millions of customers)

Customers Affected: Millions

Incident : Data Breach DOO4104241112725

Entity Name: DoorDash

Entity Type: Food Delivery Platform

Industry: Technology / Food Delivery

Location: Global (Primarily USA)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach DOO0162922

Containment Measures: Disabled the vendor's access to their system and contained the incident.

Incident : Data Breach DOO15123922

Communication Strategy: Notified all affected individuals through the mail

Incident : Data Breach DOO5993759111725

Incident Response Plan Activated: True

Containment Measures: Blocked unauthorized access

Recovery Measures: Notifying affected users via in-app/email

Communication Strategy: Public blog postDirect notifications to affected usersMedia statements

Incident : Data Breach DOO5632556111825

Incident Response Plan Activated: Yes (Access Revoked, Users Notified)

Law Enforcement Notified: Yes (Investigation Ongoing)

Containment Measures: Immediate Access Revocation

Remediation Measures: Reinforced Employee TrainingStrengthened Authentication Protocols

Communication Strategy: Public Notice to Users (November 13, 2023)

Incident : Data Breach (Social Engineering) DOO4293042111925

Communication Strategy: Public Disclosure via Media (KELO.com)

Incident : Data Breach DOO5593355112025

Incident Response Plan Activated: True

Containment Measures: Shut Down Unauthorized Access

Remediation Measures: Investigation LaunchedEnhanced Employee Training

Recovery Measures: Dedicated Helpline for Affected Users (1-833-918-8030)

Communication Strategy: Public DisclosureHelpline with Reference Code (B155060)

Incident : Data Breach DOO5203452112125

Incident Response Plan Activated: Yes (swift action upon discovery)

Third Party Assistance: Partnerships with security firms for investigation and defense fortification

Containment Measures: Employee verification process enhancementsSystem access reviews

Remediation Measures: User notifications (email)Free credit monitoring via Experian (1 year)

Communication Strategy: Public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring)

Enhanced Monitoring: Implemented for employee access and unusual activity

Incident : Data Breach DOO3603136112725

Incident Response Plan Activated: Yes (delayed customer notification by 19 days)

Remediation Measures: Customer notification emailsAdvisory for credit freezes/monitoringPassword reset and 2FA recommendations

Communication Strategy: Email notificationsToll-free helpline (1-800-833-8030, ref: B155060)Public advisory on phishing risks

Incident : Data Breach DOO4104241112725

Incident Response Plan Activated: True

Containment Measures: Detection of Intrusion on 2025-10-25Access Containment (Timing Unspecified)

Communication Strategy: Public Disclosure in November 2025Advisory on Compromised Data Types

Enhanced Monitoring: AI-Driven Threat Detection (e.g., Seceon aiXDR Recommended)

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (After 15+ Months of Inaction), , Yes (Access Revoked, Users Notified), , Yes (swift action upon discovery), Yes (delayed customer notification by 19 days), .

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through HackerOne (Bug Bounty Platform), , Partnerships with security firms for investigation and defense fortification.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach DOO0162922

Type of Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information

Personally Identifiable Information: namesemail addressesdelivery addressesphone numbers

Incident : Data Breach DOO15123922

Type of Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts

Number of Records Exposed: 4900000

Incident : Data Breach DOO622072825

Type of Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers

Number of Records Exposed: 41740

Sensitivity of Data: High

Incident : Data Breach DOO231072825

Type of Data Compromised: Names, Email addresses, Phone numbers, Driver's license numbers

Number of Records Exposed: 2243

Incident : Data Breach DOO5993759111725

Type of Data Compromised: Personal identifiable information (pii), Contact information, Partial payment data

Number of Records Exposed: 4.9 million

Sensitivity of Data: Moderate (no full financial or government ID data)

Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses

Incident : Data Breach DOO5632556111825

Type of Data Compromised: Personal information (pii)

Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)

Data Exfiltration: Likely (Unauthorized Access Confirmed)

Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses

Incident : Data Breach (Social Engineering) DOO4293042111925

Type of Data Compromised: Personal information (non-sensitive)

Sensitivity of Data: Low (No ID Numbers or Payment Information)

Data Exfiltration: Yes (Some Customer Data Accessed)

Personally Identifiable Information: Partial (Excluding ID Numbers and Payment Information)

Incident : Data Breach DOO5593355112025

Type of Data Compromised: Personal contact details (names, phone numbers, emails, physical addresses)

Sensitivity of Data: Moderate (No Highly Sensitive PII)

Personally Identifiable Information: Full NamesPhone NumbersEmail AddressesPhysical Addresses

Incident : Data Breach DOO5203452112125

Type of Data Compromised: Personally identifiable information (pii)

Number of Records Exposed: Unspecified (potentially large, given 30M+ user base)

Sensitivity of Data: Moderate (no financial data or passwords, but PII can enable phishing/identity theft)

Data Exfiltration: Likely (data accessed by unauthorized party)

Personally Identifiable Information: NamesEmail addressesPhone numbersPhysical addresses

Incident : Data Breach DOO3603136112725

Type of Data Compromised: Personally identifiable information (pii)

Number of Records Exposed: Millions

Sensitivity of Data: Moderate (no financial/PII like SSNs, but high phishing risk)

Data Exfiltration: Yes

Personally Identifiable Information: NamesAddressesPhone NumbersEmail Addresses

Incident : Data Breach DOO4104241112725

Type of Data Compromised: Personal identifiable information (pii)

Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)

Personally Identifiable Information: NamesPhysical AddressesEmail AddressesPhone Numbers

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Closed Vulnerable Budget Name Input Field, Enhanced Email Template Rendering Security, , Reinforced Employee Training, Strengthened Authentication Protocols, , Investigation Launched, Enhanced Employee Training, , User notifications (email), Free credit monitoring via Experian (1 year), , Customer notification emails, Advisory for credit freezes/monitoring, Password reset and 2FA recommendations, .

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled the vendor's access to their system and contained the incident., patch applied to input validation in doordash for business backend, html sanitization in email templates, , blocked unauthorized access, , immediate access revocation, , shut down unauthorized access, , employee verification process enhancements, system access reviews, , detection of intrusion on 2025-10-25, access containment (timing unspecified) and .

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach DOO5593355112025

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Notifying affected users via in-app/email, , Dedicated Helpline for Affected Users (1-833-918-8030), .

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach DOO5993759111725

Regulatory Notifications: Expected under state breach-notification laws (e.g., California Consumer Privacy Act)

Incident : Data Breach DOO5203452112125

Regulations Violated: Potential violations of California Consumer Privacy Act (CCPA),

Legal Actions: Possible (historical context of lawsuits from 2019 breach)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Researcher Banned from DoorDash Bug Bounty Program, , Possible (historical context of lawsuits from 2019 breach).

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach DOO5993759111725

Lessons Learned: Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials., Social engineering continues to be a dominant attack method, bypassing technical controls., Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure., Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.

Incident : Data Breach DOO5632556111825

Lessons Learned: Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).

Incident : Data Breach DOO5593355112025

Lessons Learned: Enhanced employee training is critical to prevent social engineering attacks. Rapid incident response (shutting down access, investigation, and law enforcement notification) helps mitigate damage. Proactive customer communication (e.g., helpline) builds trust post-breach.

Incident : Data Breach DOO5203452112125

Lessons Learned: Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential., Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories., Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches., Data minimization strategies can reduce breach impacts by limiting stored PII.

Incident : Data Breach DOO3603136112725

Lessons Learned: Social engineering remains a critical vulnerability; employee training is essential., Delayed breach notifications erode customer trust and increase risks (e.g., phishing)., Proactive credit monitoring/freezes should be recommended to affected users., Multi-factor authentication (2FA) is critical for mitigating post-breach account takeovers.

Incident : Data Breach DOO4104241112725

Lessons Learned: Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses., Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time., Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise., Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

What recommendations were made to prevent future incidents ?

Incident : Data Breach DOO5993759111725

Recommendations: Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.

Incident : Data Breach DOO5632556111825

Recommendations: Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.

Incident : Data Breach DOO5593355112025

Recommendations: Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks., Conduct regular security awareness training focused on social engineering tactics., Monitor dark web for exposed data and offer identity protection services to affected users if needed., Review and update incident response plans to ensure swift containment and communication.Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks., Conduct regular security awareness training focused on social engineering tactics., Monitor dark web for exposed data and offer identity protection services to affected users if needed., Review and update incident response plans to ensure swift containment and communication.Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks., Conduct regular security awareness training focused on social engineering tactics., Monitor dark web for exposed data and offer identity protection services to affected users if needed., Review and update incident response plans to ensure swift containment and communication.Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks., Conduct regular security awareness training focused on social engineering tactics., Monitor dark web for exposed data and offer identity protection services to affected users if needed., Review and update incident response plans to ensure swift containment and communication.

Incident : Data Breach DOO5203452112125

Recommendations: Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.

Incident : Data Breach DOO3603136112725

Recommendations: Implement stricter access controls and social engineering awareness programs., Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Offer free credit monitoring services to affected customers., Enforce mandatory 2FA for all user accounts., Conduct third-party audits of security protocols to prevent recurrence.Implement stricter access controls and social engineering awareness programs., Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Offer free credit monitoring services to affected customers., Enforce mandatory 2FA for all user accounts., Conduct third-party audits of security protocols to prevent recurrence.Implement stricter access controls and social engineering awareness programs., Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Offer free credit monitoring services to affected customers., Enforce mandatory 2FA for all user accounts., Conduct third-party audits of security protocols to prevent recurrence.Implement stricter access controls and social engineering awareness programs., Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Offer free credit monitoring services to affected customers., Enforce mandatory 2FA for all user accounts., Conduct third-party audits of security protocols to prevent recurrence.Implement stricter access controls and social engineering awareness programs., Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Offer free credit monitoring services to affected customers., Enforce mandatory 2FA for all user accounts., Conduct third-party audits of security protocols to prevent recurrence.

Incident : Data Breach DOO4104241112725

Recommendations: Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Importance of Timely Vulnerability Triage and Patch Management,Need for Clear Communication Channels Between Researchers and Companies,Risks of Misaligned Expectations in Bug Bounty Programs (Scope vs. Compensation),Ethical Boundaries in Vulnerability Disclosure (Extortion vs. Good Faith Reporting),Criticality of Input Validation in Customer-Facing Systems (Even 'Non-Critical' Fields Like Budget Names)Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials.,Social engineering continues to be a dominant attack method, bypassing technical controls.,Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure.,Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).Enhanced employee training is critical to prevent social engineering attacks. Rapid incident response (shutting down access, investigation, and law enforcement notification) helps mitigate damage. Proactive customer communication (e.g., helpline) builds trust post-breach.Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential.,Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories.,Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches.,Data minimization strategies can reduce breach impacts by limiting stored PII.Social engineering remains a critical vulnerability; employee training is essential.,Delayed breach notifications erode customer trust and increase risks (e.g., phishing).,Proactive credit monitoring/freezes should be recommended to affected users.,Multi-factor authentication (2FA) is critical for mitigating post-breach account takeovers.Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses.,Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time.,Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise.,Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Improve **transparency in breach disclosures**, including timely updates on affected user counts., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Invest in **privacy-by-design frameworks** to embed security into platform architecture., Enhance **data minimization practices** to limit exposure of non-essential PII., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Implement **zero-trust security models** to eliminate implicit trust in users/devices. and Strengthen **third-party vendor security audits** to mitigate supply chain risks..

References

Where can I find more information about each incident ?

Incident : Data Breach DOO622072825

Source: California Office of the Attorney General

Date Accessed: 2019-09-27

Incident : Data Breach DOO231072825

Source: Washington State Office of the Attorney General

Incident : Data Breach DOO5993759111725

Source: DoorDash Official Blog

Incident : Data Breach DOO5993759111725

Source: Verizon Data Breach Investigations Report (DBIR)

URL: https://www.verizon.com/business/resources/reports/dbir/

Incident : Data Breach DOO5993759111725

Source: FBI Internet Crime Complaint Center (IC3)

URL: https://www.ic3.gov/

Incident : Data Breach DOO5993759111725

Source: IBM Cost of a Data Breach Report 2023

URL: https://www.ibm.com/reports/data-breach

Incident : Data Breach DOO5632556111825

Source: DoorDash Notice to Users

Date Accessed: 2023-11-13

Incident : Data Breach DOO5632556111825

Source: Reddit User Discussions

Date Accessed: 2023-11

Incident : Data Breach DOO5632556111825

Source: Shutterstock (Stock Performance Image)

URL: https://www.shutterstock.com

Date Accessed: 2023-11

Incident : Data Breach (Social Engineering) DOO4293042111925

Source: KELO.com

Incident : Data Breach DOO5593355112025

Source: Hudson Valley Post

Incident : Data Breach DOO5203452112125

Source: CT Insider

Incident : Data Breach DOO5203452112125

Source: TechCrunch

Incident : Data Breach DOO5203452112125

Source: USA Today

Incident : Data Breach DOO5203452112125

Source: BleepingComputer

Incident : Data Breach DOO3603136112725

Source: SOPA Images/LightRocket via Getty Images

URL: https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890

Date Accessed: 2025-10-17

Incident : Data Breach DOO3603136112725

Source: DoorDash Customer Advisory

Date Accessed: 2025-10-20

Incident : Data Breach DOO4104241112725

Source: Seceon Inc Blog

URL: https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-09-27, and Source: Washington State Office of the Attorney General, and Source: BleepingComputerUrl: https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/Date Accessed: 2024-11-07, and Source: Researcher's Public Vulnerability Report (doublezero7), and Source: HackerOne Report #2608277Date Accessed: 2024-07-17 (Closed as Informative), and Source: DoorDash Official Blog, and Source: Verizon Data Breach Investigations Report (DBIR)Url: https://www.verizon.com/business/resources/reports/dbir/, and Source: FBI Internet Crime Complaint Center (IC3)Url: https://www.ic3.gov/, and Source: IBM Cost of a Data Breach Report 2023Url: https://www.ibm.com/reports/data-breach, and Source: DoorDash Notice to UsersDate Accessed: 2023-11-13, and Source: Reddit User DiscussionsDate Accessed: 2023-11, and Source: Shutterstock (Stock Performance Image)Url: https://www.shutterstock.comDate Accessed: 2023-11, and Source: KELO.com, and Source: Hudson Valley Post, and Source: CT Insider, and Source: TechCrunch, and Source: USA Today, and Source: BleepingComputer, and Source: SOPA Images/LightRocket via Getty ImagesUrl: https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890Date Accessed: 2025-10-17, and Source: DoorDash Customer AdvisoryDate Accessed: 2025-10-20, and Source: Seceon Inc BlogUrl: https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach DOO5993759111725

Investigation Status: Ongoing (collaboration with law enforcement)

Incident : Data Breach DOO5632556111825

Investigation Status: Ongoing (Law Enforcement Involved)

Incident : Data Breach (Social Engineering) DOO4293042111925

Investigation Status: Disclosed (Ongoing or Completed Status Unknown)

Incident : Data Breach DOO5593355112025

Investigation Status: Ongoing (Referred to Law Enforcement)

Incident : Data Breach DOO5203452112125

Investigation Status: Ongoing (in collaboration with external security firms)

Incident : Data Breach DOO3603136112725

Investigation Status: Ongoing (no public updates on root cause analysis)

Incident : Data Breach DOO4104241112725

Investigation Status: Contained (as of November 2025 disclosure)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified all affected individuals through the mail, Public Statement To Bleepingcomputer, No Direct Customer Notification Mentioned, Public Blog Post, Direct Notifications To Affected Users, Media Statements, Public Notice to Users (November 13, 2023), Public Disclosure via Media (KELO.com), Public Disclosure, Helpline With Reference Code (B155060), Public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring), Email Notifications, Toll-Free Helpline (1-800-833-8030, Ref: B155060), Public Advisory On Phishing Risks, Public Disclosure In November 2025 and Advisory On Compromised Data Types.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach DOO5993759111725

Stakeholder Advisories: Customers, Dashers, And Merchants Advised To Watch For Phishing Attempts Citing Order History Or Delivery Addresses., Official Notifications Will Never Request Passwords Or Full Payment Details..

Customer Advisories: Be wary of texts/calls/emails about the breach asking for clicks or login details.Navigate directly to the DoorDash app/website instead of clicking links.Enable MFA (preferably app-based) and monitor account activity.Check saved payment methods and update reused passwords.

Incident : Data Breach DOO5632556111825

Customer Advisories: Public Notice Issued (November 13, 2023)

Incident : Data Breach (Social Engineering) DOO4293042111925

Customer Advisories: Public Notification via Media (No Direct Advisory Mentioned)

Incident : Data Breach DOO5593355112025

Customer Advisories: Dedicated helpline (1-833-918-8030) with reference code B155060 for inquiries.

Incident : Data Breach DOO5203452112125

Stakeholder Advisories: Users advised to update passwords, monitor accounts, and enable two-factor authentication.

Customer Advisories: Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.

Incident : Data Breach DOO3603136112725

Stakeholder Advisories: Customers Advised To Freeze Credit (Equifax, Transunion, Experian Links Provided)., Warning Against Phishing Calls/Emails Impersonating Doordash., Recommendation To Change Passwords And Enable 2Fa..

Customer Advisories: Credit Freeze Instructions: [{'agency': 'Equifax', 'url': 'https://www.equifax.com/personal/credit-report-services/credit-freeze/'}, {'agency': 'TransUnion', 'url': 'https://www.transunion.com/credit-freeze'}, {'agency': 'Experian', 'url': 'https://www.experian.com/freeze/center.html'}], Free Credit Report Url: https://www.annualcreditreport.com, Helpline: {'number': '1-800-833-8030', 'reference_code': 'B155060'}.

Incident : Data Breach DOO4104241112725

Customer Advisories: Public Notification of Compromised PII (No Financial Data Exposed)

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers, Dashers, And Merchants Advised To Watch For Phishing Attempts Citing Order History Or Delivery Addresses., Official Notifications Will Never Request Passwords Or Full Payment Details., Be Wary Of Texts/Calls/Emails About The Breach Asking For Clicks Or Login Details., Navigate Directly To The Doordash App/Website Instead Of Clicking Links., Enable Mfa (Preferably App-Based) And Monitor Account Activity., Check Saved Payment Methods And Update Reused Passwords., , Public Notice Issued (November 13, 2023), Public Notification via Media (No Direct Advisory Mentioned), Dedicated Helpline (1-833-918-8030) With Reference Code B155060 For Inquiries., , Users advised to update passwords, monitor accounts, and enable two-factor authentication., Emails sent to affected individuals offering 1 year of free credit monitoring via Experian., Customers Advised To Freeze Credit (Equifax, Transunion, Experian Links Provided)., Warning Against Phishing Calls/Emails Impersonating Doordash., Recommendation To Change Passwords And Enable 2Fa., credit_freeze_instructions: [{'agency': 'Equifax', 'url': 'https://www.equifax.com/personal/credit-report-services/credit-freeze/'}, {'agency': 'TransUnion', 'url': 'https://www.transunion.com/credit-freeze'}, {'agency': 'Experian', 'url': 'https://www.experian.com/freeze/center.html'}], free_credit_report_url: https://www.annualcreditreport.com, helpline: {'number': '1-800-833-8030', 'reference_code': 'B155060'}, , Public Notification Of Compromised Pii (No Financial Data Exposed) and .

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach DOO0162922

Entry Point: Third-party Vendor

Incident : Data Breach DOO5993759111725

Entry Point: Third-party service provider credentials (obtained via social engineering)

Reconnaissance Period: Approximately two weeks before the breach

High Value Targets: Customer Pii, Dasher Partial Payment Data,

Data Sold on Dark Web: Customer Pii, Dasher Partial Payment Data,

Incident : Data Breach DOO5632556111825

Entry Point: Employee (Social Engineering)

High Value Targets: User Data (Dashers And Merchants),

Data Sold on Dark Web: User Data (Dashers And Merchants),

Incident : Data Breach (Social Engineering) DOO4293042111925

Entry Point: Social Engineering (Employee Targeted)

Incident : Data Breach DOO5593355112025

Entry Point: Employee (Social Engineering Scam)

High Value Targets: Customer Database (Contact Details),

Data Sold on Dark Web: Customer Database (Contact Details),

Incident : Data Breach DOO5203452112125

Entry Point: Phishing email targeting a DoorDash employee

High Value Targets: Internal Systems Containing Customer/Dasher/Merchant Pii,

Data Sold on Dark Web: Internal Systems Containing Customer/Dasher/Merchant Pii,

Incident : Data Breach DOO3603136112725

Entry Point: Employee manipulation (social engineering)

High Value Targets: Customer Pii Database,

Data Sold on Dark Web: Customer Pii Database,

Incident : Data Breach DOO4104241112725

Entry Point: Social Engineering (Employee Credential Compromise)

High Value Targets: Customer/Dasher/Merchant Contact Databases,

Data Sold on Dark Web: Customer/Dasher/Merchant Contact Databases,

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach DOO5993759111725

Root Causes: Social Engineering Attack On A Third-Party Vendor Employee Leading To Credential Compromise., Insufficient Safeguards Against Supply Chain Attacks (E.G., Vendor Access Controls)., Lack Of Detection For Unauthorized Access Over A Two-Week Period.,

Corrective Actions: Review And Strengthen Third-Party Vendor Security Protocols., Enhance Monitoring For Unusual Access Patterns., Expand Employee Training On Social Engineering Threats., Implement Stricter Authentication For High-Risk Systems.,

Incident : Data Breach DOO5632556111825

Root Causes: Inadequate Authentication Safeguards For Employee Accounts., Successful Social Engineering Exploit Targeting An Employee.,

Corrective Actions: Reinforced Employee Training On Social Engineering Risks., Strengthened Authentication Protocols (Details Unspecified).,

Incident : Data Breach (Social Engineering) DOO4293042111925

Root Causes: Employee Susceptibility to Social Engineering

Incident : Data Breach DOO5593355112025

Root Causes: Employee Susceptibility To Social Engineering, Inadequate Safeguards Against Phishing/Scams,

Corrective Actions: Enhanced Employee Training, Incident Response Activation, Law Enforcement Collaboration,

Incident : Data Breach DOO5203452112125

Root Causes: Inadequate Employee Training On Social Engineering Tactics., Lack Of Enforced Multi-Factor Authentication (Mfa) For Internal Systems., Systemic Third-Party Risk Management Gaps (Historical Context From 2022 Vendor Breach)., Over-Reliance On Reactive Measures Rather Than Proactive Security Postures.,

Corrective Actions: Enhanced Employee Verification Processes., Partnerships With Security Firms To Audit And Fortify Defenses., Potential Adoption Of Zero-Trust Architectures And Ai-Driven Monitoring (Recommended).,

Incident : Data Breach DOO3603136112725

Root Causes: Inadequate Employee Training On Social Engineering Tactics., Lack Of Multi-Factor Authentication For Internal Systems., Delayed Incident Response And Customer Communication.,

Incident : Data Breach DOO4104241112725

Root Causes: Successful Social Engineering Attack Exploiting Human Trust/Error., Inadequate Real-Time Detection Of Anomalous Behavior Post-Credential Compromise., Over-Reliance On Security Awareness Training Without Technical Controls For Credential Misuse.,

Corrective Actions: Deployment Of Ai-Driven Xdr/Ueba Solutions For Behavioral Analytics., Enhanced Monitoring Of Privileged Access And Data Query Patterns., Automated Response Mechanisms (E.G., Soar) To Reduce Dwell Time., Review Of Identity And Access Management (Iam) Policies For Least-Privilege Enforcement.,

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Hackerone (Bug Bounty Platform), , Partnerships with security firms for investigation and defense fortification, Implemented for employee access and unusual activity, Ai-Driven Threat Detection (E.G., Seceon Aixdr Recommended), .

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patched Input Validation In Doordash For Business Backend, Enhanced Email Template Security (Html Sanitization), Review Of Bug Bounty Program Policies And Scope, Internal Review Of Vulnerability Disclosure Processes, , Review And Strengthen Third-Party Vendor Security Protocols., Enhance Monitoring For Unusual Access Patterns., Expand Employee Training On Social Engineering Threats., Implement Stricter Authentication For High-Risk Systems., , Reinforced Employee Training On Social Engineering Risks., Strengthened Authentication Protocols (Details Unspecified)., , Enhanced Employee Training, Incident Response Activation, Law Enforcement Collaboration, , Enhanced Employee Verification Processes., Partnerships With Security Firms To Audit And Fortify Defenses., Potential Adoption Of Zero-Trust Architectures And Ai-Driven Monitoring (Recommended)., , Deployment Of Ai-Driven Xdr/Ueba Solutions For Behavioral Analytics., Enhanced Monitoring Of Privileged Access And Data Query Patterns., Automated Response Mechanisms (E.G., Soar) To Reduce Dwell Time., Review Of Identity And Access Management (Iam) Policies For Least-Privilege Enforcement., .

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident were an Unauthorized User, Unauthorized Individual (Unknown), Unknown (Scammers/Hackers), Unidentified unauthorized third party and Unidentified Scammer (Psychologically Skilled).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2019-09-27.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2024-11-03.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, email addresses, delivery addresses, phone numbers, basic order information, partial credit card information, , Email Addresses, Delivery Addresses, Order History, Phone Numbers, Hashed and Salted Passwords, Last Four Digits of Credit Cards, Last Four Digits of Bank Accounts, , names, email addresses, phone numbers, hashed passwords, driver's license numbers, , names, email addresses, phone numbers, driver's license numbers, , None, Names, Email Addresses, Phone Numbers, Physical Addresses, Order History Hashes, Last Four Digits of Payment Cards (Dashers only), , Names, Email Addresses, Phone Numbers, Physical Addresses, , Customer Personal Information (Non-Sensitive), , Full Names, Phone Numbers, Email Addresses, Physical Addresses, , Names, Email addresses, Phone numbers, Physical addresses, , Names, Addresses, Phone Numbers, Email Addresses, , Names, Physical Addresses, Email Addresses, Phone Numbers and .

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was DoorDash for Business PlatformEmail Servers ([email protected]) and Internal systems (unspecified).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was hackerone (bug bounty platform), , Partnerships with security firms for investigation and defense fortification.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disabled the vendor's access to their system and contained the incident., Patch Applied to Input Validation in DoorDash for Business BackendHTML Sanitization in Email Templates, Blocked unauthorized access, Immediate Access Revocation, Shut Down Unauthorized Access, Employee verification process enhancementsSystem access reviews and Detection of Intrusion on 2025-10-25Access Containment (Timing Unspecified).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were delivery addresses, Phone Numbers, driver's license numbers, Last Four Digits of Payment Cards (Dashers only), Full Names, phone numbers, Hashed and Salted Passwords, Order History Hashes, basic order information, Names, Delivery Addresses, hashed passwords, partial credit card information, None, Last Four Digits of Credit Cards, Physical Addresses, email addresses, names, Email Addresses, Addresses, Last Four Digits of Bank Accounts, Physical addresses, Phone numbers, Email addresses, Customer Personal Information (Non-Sensitive) and Order History.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.9M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Researcher Banned from DoorDash Bug Bounty Program, , Possible (historical context of lawsuits from 2019 breach).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Monitor dark web for potential misuse of exposed data., Monitor dark web for exposed data and offer identity protection services to affected users if needed., Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor Platforms, Invest in **privacy-by-design frameworks** to embed security into platform architecture., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Provide Transparent Timelines for Vulnerability Remediation, Accelerate breach disclosure timelines to comply with best practices (e.g., GDPR’s 72-hour rule)., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce mandatory 2FA for all user accounts., Expand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios., Conduct third-party audits of security protocols to prevent recurrence., Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Establish Escalation Protocols for Disputed Vulnerability Reports, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Review and update incident response plans to ensure swift containment and communication., Enhance **data minimization practices** to limit exposure of non-essential PII., Conduct regular security awareness training focused on social engineering tactics., Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Implement Automated Sanitization for All User-Supplied Input in Email Templates, Use unique passwords for different accounts, Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct Regular Security Audits of Business Logic Abuse Vectors, Enforce least-privilege access principles to limit exposure from compromised credentials., Implement stricter access controls and social engineering awareness programs., Implement **zero-trust security models** to eliminate implicit trust in users/devices., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Implement Multi-Factor Authentication (MFA) for employee accounts to reduce phishing risks., Conduct regular phishing/social engineering simulations for employees., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Offer free credit monitoring services to affected customers., Enable two-factor authentication and Strengthen **third-party vendor security audits** to mitigate supply chain risks..

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Washington State Office of the Attorney General, IBM Cost of a Data Breach Report 2023, KELO.com, TechCrunch, Hudson Valley Post, California Office of the Attorney General, Researcher's Public Vulnerability Report (doublezero7), DoorDash Notice to Users, SOPA Images/LightRocket via Getty Images, HackerOne Report #2608277, Verizon Data Breach Investigations Report (DBIR), DoorDash Official Blog, Seceon Inc Blog, USA Today, Reddit User Discussions, FBI Internet Crime Complaint Center (IC3), Shutterstock (Stock Performance Image), DoorDash Customer Advisory, BleepingComputer and CT Insider.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/, https://www.verizon.com/business/resources/reports/dbir/, https://www.ic3.gov/, https://www.ibm.com/reports/data-breach, https://www.shutterstock.com, https://www.gettyimages.com/detail/news-photo/canada-2025-10-17-in-this-photo-illustration-the-doordash-news-photo/1234567890, https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/ .

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (Vulnerability Patched, Disclosure Dispute Ongoing).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses., Official notifications will never request passwords or full payment details., Users advised to update passwords, monitor accounts, and enable two-factor authentication., Customers advised to freeze credit (Equifax, TransUnion, Experian links provided)., Warning against phishing calls/emails impersonating DoorDash., Recommendation to change passwords and enable 2FA., .

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued were an Be wary of texts/calls/emails about the breach asking for clicks or login details.Navigate directly to the DoorDash app/website instead of clicking links.Enable MFA (preferably app-based) and monitor account activity.Check saved payment methods and update reused passwords., Public Notice Issued (November 13, 2023), Public Notification via Media (No Direct Advisory Mentioned), Dedicated helpline (1-833-918-8030) with reference code B155060 for inquiries., Emails sent to affected individuals offering 1 year of free credit monitoring via Experian., credit_freeze_instructions: [{'agency': 'Equifax', 'url': 'https://www.equifax.com/personal/credit-report-services/credit-freeze/'}, {'agency': 'TransUnion', 'url': 'https://www.transunion.com/credit-freeze'}, {'agency': 'Experian', 'url': 'https://www.experian.com/freeze/center.html'}], free_credit_report_url: https://www.annualcreditreport.com, helpline: {'number': '1-800-833-8030', 'reference_code': 'B155060'}, and Public Notification of Compromised PII (No Financial Data Exposed).

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker were an Social Engineering (Employee Targeted), DoorDash for Business Platform (Budget Name Input Field), Third-party Vendor, Employee (Social Engineering), Employee (Social Engineering Scam), Phishing email targeting a DoorDash employee, Third-party service provider credentials (obtained via social engineering), Employee manipulation (social engineering) and Social Engineering (Employee Credential Compromise).

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 15+ Months (From Initial Report to Patch), Approximately two weeks before the breach.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Credential Stuffing, Lack of Input Validation in Budget Name FieldInsufficient Output Encoding in Email TemplatesDelayed Triage of Vulnerability Report (15+ Months)Breakdown in Communication Between Researcher and DoorDashMisalignment on Bug Bounty Program Scope and Compensation, Social engineering attack on a third-party vendor employee leading to credential compromise.Insufficient safeguards against supply chain attacks (e.g., vendor access controls).Lack of detection for unauthorized access over a two-week period., Inadequate authentication safeguards for employee accounts.Successful social engineering exploit targeting an employee., Employee Susceptibility to Social Engineering, Employee susceptibility to social engineeringInadequate safeguards against phishing/scams, Inadequate employee training on social engineering tactics.Lack of enforced multi-factor authentication (MFA) for internal systems.Systemic third-party risk management gaps (historical context from 2022 vendor breach).Over-reliance on reactive measures rather than proactive security postures., Inadequate employee training on social engineering tactics.Lack of multi-factor authentication for internal systems.Delayed incident response and customer communication., Successful social engineering attack exploiting human trust/error.Inadequate real-time detection of anomalous behavior post-credential compromise.Over-reliance on security awareness training without technical controls for credential misuse..

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Patched Input Validation in DoorDash for Business BackendEnhanced Email Template Security (HTML Sanitization)Review of Bug Bounty Program Policies and ScopeInternal Review of Vulnerability Disclosure Processes, Review and strengthen third-party vendor security protocols.Enhance monitoring for unusual access patterns.Expand employee training on social engineering threats.Implement stricter authentication for high-risk systems., Reinforced employee training on social engineering risks.Strengthened authentication protocols (details unspecified)., Enhanced employee trainingIncident response activationLaw enforcement collaboration, Enhanced employee verification processes.Partnerships with security firms to audit and fortify defenses.Potential adoption of zero-trust architectures and AI-driven monitoring (recommended)., Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.Enhanced monitoring of privileged access and data query patterns.Automated response mechanisms (e.g., SOAR) to reduce dwell time.Review of identity and access management (IAM) policies for least-privilege enforcement..

cve

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=doordash-for-business' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge