In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities.
DoorDash cybersecurity rating report: https://www.rankiteo.com/company/doordash
{
  "id": "DOO4104241112725",
  "linkid": "doordash",
  "type": "Breach",
  "date": "10/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'industry': 'Technology / Food Delivery',
            'location': 'Global (Primarily USA)',
            'name': 'DoorDash',
            'type': 'Food Delivery Platform'
        }
    ],
    'attack_vector': [
        'Social Engineering',
        'Phishing (Spear Phishing/Vishing)',
        'Compromised Credentials'
    ],
    'customer_advisories': [
        'Public Notification of Compromised PII (No Financial Data Exposed)'
    ],
    'data_breach': {
        'data_exfiltration': True,
        'personally_identifiable_information': [
            'Names',
            'Physical Addresses',
            'Email Addresses',
            'Phone Numbers'
        ],
        'sensitivity_of_data': 'Moderate (No Financial/Payment Data or Government IDs)',
        'type_of_data_compromised': ['Personal Identifiable Information (PII)']
    },
    'date_detected': '2025-10-25',
    'date_publicly_disclosed': '2025-11',
    'description': 'In November 2025, DoorDash disclosed a data breach where an employee fell victim to a social engineering attack, leading to the compromise of customer, Dasher, and merchant personal information. The attackers gained unauthorized access using legitimate credentials obtained via manipulation, bypassing security awareness training. The breach exposed names, physical addresses, email addresses, and phone numbers but did not include sensitive data like Social Security numbers, driver’s license information, or payment card details. The incident underscores the vulnerability of human elements in cybersecurity and the need for AI-driven threat detection to mitigate dwell time and post-compromise risks.',
    'impact': {
        'brand_reputation_impact': 'High (High-Visibility Breach Undermining Trust in Security Posture)',
        'data_compromised': [
            'Names',
            'Physical Addresses',
            'Email Addresses',
            'Phone Numbers'
        ],
        'identity_theft_risk': 'Moderate (Exposed PII Could Enable Targeted Scams)',
        'operational_impact': 'Potential Increased Risk of Follow-on Attacks (Spear Phishing/Vishing)',
        'payment_information_risk': 'None (Confirmed Not Accessed)'
    },
    'initial_access_broker': {
        'entry_point': 'Social Engineering (Employee Credential Compromise)',
        'high_value_targets': ['Customer/Dasher/Merchant Contact Databases']
    },
    'investigation_status': 'Contained (as of November 2025 disclosure)',
    'lessons_learned': [
        'Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses.',
        'Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time.',
        'Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise.',
        'Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.'
    ],
    'motivation': [
        'Data Theft for Follow-on Attacks (e.g., Spear Phishing, Vishing)',
        'Potential Financial Gain via Stolen Data'
    ],
    'post_incident_analysis': {
        'corrective_actions': [
            'Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.',
            'Enhanced monitoring of privileged access and data query patterns.',
            'Automated response mechanisms (e.g., SOAR) to reduce dwell time.',
            'Review of identity and access management (IAM) policies for least-privilege enforcement.'
        ],
        'root_causes': [
            'Successful social engineering attack exploiting human trust/error.',
            'Inadequate real-time detection of anomalous behavior post-credential compromise.',
            'Over-reliance on security awareness training without technical controls for credential misuse.'
        ]
    },
    'recommendations': [
        'Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment.',
        'Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries).',
        'Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities.',
        'Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts).',
        'Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios.',
        'Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.'
    ],
    'references': [
        {
            'source': 'Seceon Inc Blog',
            'url': 'https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/'
        }
    ],
    'response': {
        'communication_strategy': [
            'Public Disclosure in November 2025',
            'Advisory on Compromised Data Types'
        ],
        'containment_measures': [
            'Detection of Intrusion on 2025-10-25',
            'Access Containment (Timing Unspecified)'
        ],
        'enhanced_monitoring': ['AI-Driven Threat Detection (e.g., Seceon aiXDR Recommended)'],
        'incident_response_plan_activated': True
    },
    'title': 'DoorDash Social Engineering Data Breach (2025)',
    'type': ['Data Breach', 'Social Engineering', 'Credential Compromise'],
    'vulnerability_exploited': 'Human Trust and Error (Bypassed Security Awareness Training)'
}