CANADA – 2025/10/17: In this photo illustration, the DoorDash (Door Dash) logo is seen displayed on a smartphone screen. (Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images)
SOPA Images/LightRocket via Getty Images
Doordash, the food delivery app, suffered a major data breach in October but took 19 days before it notified millions of its customers by email that personal information of theirs had been compromised. The compromised information consisted of names, addresses, phone numbers and email addresses and while this information is not as sensitive as Social Security numbers or credit card numbers, it still puts victims of the data breach in danger of carefully crafted spear phishing emails, text messages and phone calls that use the stolen information to appear legitimate and lure their victims into becoming scam victims by tricking them into providing personal information or clicking on malware infected links.
The data breach was not the result of a computer hacking, but rather social engineering in which a psychologically skilled scammer convinced a DoorDash employee to give him access to the company’s data. This is the third major data breach suffered by DoorDash since 2019.
CREDIT FREEZE
As for the victims of these data breaches, the first thing they should do is freeze their credit if they have not already done so. Freezing your credit is something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at each of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Equifax
TransUnion
Experian
CREDIT MONITORING
Everyone also should monitor their credit reports regularly for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own. Here is the only link to use to get your free credit reports. Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
Finally, be wary of anyone who calls you asking for personal information about any data breach as that is a favorite tactic of hackers to lure you into providing personal information that can lead to your becoming a victim of identity theft. Scammers often pose as the breached company and contact victims of the data breach to convince them to provide personal information. Trust me, you can’t trust anyone. Even if it appears you are being contacted by DoorDash, it is risky to trust any such communication that asks you to click on a link or provide personal information. Instead, you can access your DoorDash account through the app or the official DoorDash website rather than take the risk of clicking on a link in what may be a spear phishing email.
This also would be a good time to both change your DoorDash password and enable dual factor authentication if you have not already done so for your DoorDash account. Frankly, it is a good idea to use dual factor authentication on all your accounts which will provide additional protection even if the password to your account is compromised in a data breach.
If you have questions about the data breach, you can call DoorDash’s toll-free number 1-800-833-8030 and use reference code B155060.