DoorDash
Company Details
Linkedin ID:
doordash
Website:
Employees number:
74,124
Number of followers:
1,424,762
NAICS:
5112
Industry Type:
Homepage:
careersatdoordash.com
IP Addresses:
0
Company ID:
DOO_2000439
Scan Status:
In-progress
DoorDash Company CyberSecurity Posture
careersatdoordash.com
At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods. DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. Our leaders seek the truth and welcome big, hairy, audacious questions. We are grounded in our company values, and we make intentional decisions that are both logical and display empathy for our range of users—from Dashers to Merchants to Customers.
DoorDash A.I CyberSecurity Scoring
DoorDash Risk Score (AI oriented)Between 650 and 699
DoorDash
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DoorDash Global Score (TPRM)XXXX
DoorDash
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DoorDash Company CyberSecurity News & History
Past Incidents
10
Attack Types
2
| Entity | Type | Severity | Impact | Seen | Blog Details | Incident Details | View |
|---|---|---|---|---|---|---|---|
| DoorDash | Breach | 50 | 1 | 09/2018 | |||
Rankiteo Explanation : Attack without any consequencesDescription: Food delivery startup DoorDash customer's accounts have been hacked. Dozens of people have tweeted that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. The hackers changed their email addresses. There has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials. | |||||||
| DoorDash | Breach | 80 | 4 | 08/2022 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Food delivery firm DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems. As a response, they disabled the vendor's access to their system and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number. | |||||||
| DoorDash | Breach | 85 | 4 | 09/2019 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail. | |||||||
| DoorDash, Inc. | Breach | 85 | 4 | 5/2019 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers. | |||||||
| DoorDash | Breach | 85 | 4 | 11/2025 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: DoorDash experienced a data breach affecting **4.9 million customers, drivers (Dashers), and merchants** after an attacker exploited credentials from a **third-party vendor** to gain unauthorized access. Exposed data included **names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards** for Dashers. While **no full financial details, SSNs, or government IDs were compromised**, the leaked contact information heightens risks of **targeted phishing, smishing (SMS scams), and vishing (voice fraud)**, with attackers potentially impersonating DoorDash support or merchants. The breach originated from **social engineering**, tricking an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users, though no direct fraud or identity theft has been confirmed yet. The incident underscores vulnerabilities in **supply chain attacks** and the persistent threat of human manipulation in breaches. | |||||||
| DoorDash | Breach | 85 | 4 | 6/2019 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: In October 2025, DoorDash suffered a **sophisticated social engineering attack** where an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised **personal information**—including names, email addresses, phone numbers, and physical addresses—of an unspecified number of **customers, delivery workers (Dashers), and merchants**. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks for **phishing, identity theft, and targeted scams**. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent vulnerabilities in **employee training and third-party risk management**. The company offered **free credit monitoring** but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy’s cybersecurity, with potential **reputational damage, regulatory scrutiny, and heightened risks for affected users** (e.g., Dashers’ physical safety). | |||||||
| DoorDash | Breach | 85 | 4 | 5/2025 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses. | |||||||
| DoorDash | Breach | 85 | 4 | 10/2025 | |||
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities. | |||||||
| DoorDash | Vulnerability | 50 | 2 | 7/2023 | |||
Rankiteo Explanation : Attack limited on finance or reputation:Description: A vulnerability in **DoorDash’s systems** allowed threat actors to exploit an unpatched flaw in the **DoorDash for Business** platform, enabling them to send **fully branded, official-looking emails** from **[email protected]** by injecting arbitrary HTML into the 'Budget name' input field. This created a **highly convincing phishing channel**, as emails bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in **July 2023**, remained unpatched for **over 15 months** due to disputes over disclosure ethics and financial demands. While no **direct data breach** or **internal system access** occurred, the vulnerability posed a **significant reputational and financial risk** by facilitating **large-scale phishing attacks** targeting customers, merchants, or arbitrary recipients. The company eventually patched the issue in **November 2024** after public pressure, but the researcher was banned from DoorDash’s bug bounty program amid accusations of extortion. The incident highlights tensions between **responsible disclosure** and **corporate response protocols** in cybersecurity. | |||||||
| DoorDash | Breach | 60 | 3 | 10/2025 | |||
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: DoorDash disclosed a **cybersecurity incident** on **November 13**, confirming a **data breach** caused by a **social engineering attack** targeting an employee on **October 25**. The unauthorized access exposed **personal information** of certain users, including **Dashers and merchants**, such as **names, email addresses, phone numbers, and physical addresses**. While DoorDash stated that **no sensitive data (payment details, government IDs, or Social Security numbers)** was compromised and no evidence of misuse (fraud/identity theft) was found, the breach sparked **public backlash** for downplaying the severity of exposed data (e.g., home addresses labeled as 'non-sensitive').The company **revoked access immediately**, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is **reinforcing employee training** and **strengthening authentication protocols**. The incident coincides with **stock volatility** (down **21% this month**) and a separate **$18M legal settlement** with Chicago over deceptive business practices, adding to operational and reputational pressures. | |||||||
DoorDash
Breach
Rankiteo Explanation
Attack without any consequences
Description: Food delivery startup DoorDash customer's accounts have been hacked. Dozens of people have tweeted that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. The hackers changed their email addresses. There has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Food delivery firm DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems. As a response, they disabled the vendor's access to their system and contained the incident. The exposed information included the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail.
DoorDash, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported on September 27, 2019, that DoorDash, Inc. experienced a data breach on May 4, 2019, involving unauthorized access to user data. Approximately 41,740 California residents were affected, with compromised information including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: DoorDash experienced a data breach affecting **4.9 million customers, drivers (Dashers), and merchants** after an attacker exploited credentials from a **third-party vendor** to gain unauthorized access. Exposed data included **names, email addresses, phone numbers, delivery addresses, order history hashes, and the last four digits of payment cards** for Dashers. While **no full financial details, SSNs, or government IDs were compromised**, the leaked contact information heightens risks of **targeted phishing, smishing (SMS scams), and vishing (voice fraud)**, with attackers potentially impersonating DoorDash support or merchants. The breach originated from **social engineering**, tricking an employee into divulging access credentials. DoorDash blocked the intrusion, engaged law enforcement, and began notifying affected users, though no direct fraud or identity theft has been confirmed yet. The incident underscores vulnerabilities in **supply chain attacks** and the persistent threat of human manipulation in breaches.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In October 2025, DoorDash suffered a **sophisticated social engineering attack** where an unauthorized third party tricked an employee into granting access to internal systems. The breach compromised **personal information**—including names, email addresses, phone numbers, and physical addresses—of an unspecified number of **customers, delivery workers (Dashers), and merchants**. While DoorDash claimed no 'sensitive' data (e.g., credit cards, SSNs, passwords) was exposed, the leaked details pose risks for **phishing, identity theft, and targeted scams**. The incident mirrors past breaches (2019: 5M users; 2022: driver license numbers), highlighting persistent vulnerabilities in **employee training and third-party risk management**. The company offered **free credit monitoring** but faced criticism for reactive measures. The breach underscores systemic gaps in the gig economy’s cybersecurity, with potential **reputational damage, regulatory scrutiny, and heightened risks for affected users** (e.g., Dashers’ physical safety).
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A DoorDash employee was targeted in a **social engineering scam**, leading to unauthorized access to some **customer data**. While the breach exposed personal information, officials confirmed that **no ID numbers (e.g., Social Security numbers) or payment details** were compromised. The incident highlights vulnerabilities in employee training and susceptibility to phishing or manipulation tactics, which allowed threat actors to bypass security measures. The exposed data may include names, email addresses, or delivery-related information, but the lack of financial or highly sensitive identifiers reduces the immediate risk of identity theft or fraud. However, the breach still poses reputational harm and potential follow-on attacks, such as targeted phishing campaigns against affected customers. DoorDash has not disclosed the exact number of impacted users, but the incident underscores the ongoing risks of human error in cybersecurity defenses.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In November 2025, DoorDash confirmed a data breach resulting from a **social engineering attack** targeting an employee. The attacker successfully manipulated the employee into divulging legitimate credentials, granting unauthorized access to internal systems. While DoorDash detected and contained the intrusion on **October 25**, the attackers had already exfiltrated **personal contact information** of customers, Dashers, and merchants—including **names, physical addresses, email addresses, and phone numbers**. Although no highly sensitive data (e.g., Social Security numbers, driver’s licenses, or payment card details) was compromised, the stolen information poses a significant risk for **follow-on attacks** such as spear phishing and vishing. The breach underscores the vulnerability of human elements in cybersecurity, emphasizing the need for **AI-driven threat detection** to mitigate dwell time and prevent data theft from compromised identities.
DoorDash
Vulnerability
Rankiteo Explanation
Attack limited on finance or reputation:
Description: A vulnerability in **DoorDash’s systems** allowed threat actors to exploit an unpatched flaw in the **DoorDash for Business** platform, enabling them to send **fully branded, official-looking emails** from **[email protected]** by injecting arbitrary HTML into the 'Budget name' input field. This created a **highly convincing phishing channel**, as emails bypassed spam filters and appeared legitimate. The flaw, reported by a researcher in **July 2023**, remained unpatched for **over 15 months** due to disputes over disclosure ethics and financial demands. While no **direct data breach** or **internal system access** occurred, the vulnerability posed a **significant reputational and financial risk** by facilitating **large-scale phishing attacks** targeting customers, merchants, or arbitrary recipients. The company eventually patched the issue in **November 2024** after public pressure, but the researcher was banned from DoorDash’s bug bounty program amid accusations of extortion. The incident highlights tensions between **responsible disclosure** and **corporate response protocols** in cybersecurity.
DoorDash
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: DoorDash disclosed a **cybersecurity incident** on **November 13**, confirming a **data breach** caused by a **social engineering attack** targeting an employee on **October 25**. The unauthorized access exposed **personal information** of certain users, including **Dashers and merchants**, such as **names, email addresses, phone numbers, and physical addresses**. While DoorDash stated that **no sensitive data (payment details, government IDs, or Social Security numbers)** was compromised and no evidence of misuse (fraud/identity theft) was found, the breach sparked **public backlash** for downplaying the severity of exposed data (e.g., home addresses labeled as 'non-sensitive').The company **revoked access immediately**, notified affected users, and engaged law enforcement. To mitigate future risks, DoorDash is **reinforcing employee training** and **strengthening authentication protocols**. The incident coincides with **stock volatility** (down **21% this month**) and a separate **$18M legal settlement** with Chicago over deceptive business practices, adding to operational and reputational pressures.
DoorDash Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DoorDash
Incidents vs Software Development Industry Average (This Year)
DoorDash has 417.24% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
DoorDash has 289.61% more incidents than the average of all companies with at least one recorded incident.
Incident Types DoorDash vs Software Development Industry Avg (This Year)
DoorDash reported 3 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 3 data breaches, compared to industry peers with at least 1 incident.
Incident History — DoorDash (X = Date, Y = Severity)
DoorDash cyber incidents detection timeline including parent company and subsidiaries
DoorDash Company Subsidiaries
At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods. DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. Our leaders seek the truth and welcome big, hairy, audacious questions. We are grounded in our company values, and we make intentional decisions that are both logical and display empathy for our range of users—from Dashers to Merchants to Customers.
Loading...
DoorDash Similar Companies
Broadcom Software
Broadcom Software modernizes, optimizes, and protects the world’s most complex hybrid environments. We are a global software leader delivering a comprehensive portfolio of industry-leading business-critical software enabling scalability, agility and security for the largest global companies in the w
Alibaba.com
The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t
DiDi
DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehi
Databricks is the Data and AI company. More than 10,000 organizations worldwide — including Block, Comcast, Condé Nast, Rivian, Shell and over 60% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to take control of their data and put it to work with AI. Databricks is headquarte
JD.COM
JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44
Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn’t just encourage curiosity; it
Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and
Bosch Global Software Technologies
With our unique ability to offer end-to-end solutions that connect the three pillars of IoT - Sensors, Software, and Services, we enable businesses to move from the traditional to the digital, or improve businesses by introducing a digital element in their products and processes. Now more than ever
IDEMIA Group unlocks simpler and safer ways to pay, connect, access, identify, travel and protect public places. With its long-standing expertise in biometrics and cryptography, IDEMIA develops technologies of excellence with an impactful, ethical, and socially responsible approach. Every day, IDEMI
.png)
DoorDash CyberSecurity News
November 24, 2025 10:45 AM
DoorDash Faces Data Breach Impacting Millions of Users
DoorDash, the popular food delivery service, has confirmed that a cyber attack has compromised the personal data of millions of users.
November 24, 2025 08:00 AM
DoorDash breach exposes contact info for customers and workers
DoorDash confirmed a data breach exposing names, email addresses, phone numbers and physical addresses of customers, delivery workers and...
November 24, 2025 08:00 AM
DoorDash Data Disaster—Millions Now Exposed
Millions of Americans are now at risk of scams and identity theft after a massive data breach exposed their personal contact information...
November 21, 2025 08:00 AM
DoorDash Confirms Data Breach After Social Engineering Attack on Employee
DoorDash has confirmed a data breach that exposed customer, Dasher, and merchant information after an employee fell victim to a compelling...
November 20, 2025 08:00 AM
DoorDash Data Breach Exposes Customer Info After Employee Scam
DoorDash has confirmed a data breach caused by a social engineering attack that exposed customer information but stopped short of leaking...
November 20, 2025 08:00 AM
DoorDash 2025 Data Breach Exposes Customer Info in Social Engineering Attack
In the fast-paced world of food delivery, where convenience is king, DoorDash has long positioned itself as a leader, serving millions...
November 19, 2025 01:48 PM
Data Breach Exposes Personal Info Of DoorDash Customers, Drivers: What To Know
Users and delivery workers for DoorDash had some of their personal information stolen in a large data breach.DoorDash confirmed the.
November 19, 2025 08:00 AM
DoorDash reports cybersecurity incident; Assures no sensitive data compromised
DoorDash reports cybersecurity incident; Assures no sensitive data compromised ... NATIONWIDE – DoorDash announced today, November 13, 2025, that...
November 19, 2025 07:17 AM
DoorDash Cybersecurity Incident Exposes User Data
Following the DoorDash cybersecurity incident, the company implemented several measures to strengthen its cybersecurity posture.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DoorDash CyberSecurity History Information
Official Website of DoorDash
The official website of DoorDash is https://careersatdoordash.com/.
DoorDash’s AI-Generated Cybersecurity Score
According to Rankiteo, DoorDash’s AI-generated cybersecurity score is 650, reflecting their Weak security posture.
How many security badges does DoorDash’ have ?
According to Rankiteo, DoorDash currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does DoorDash have SOC 2 Type 1 certification ?
According to Rankiteo, DoorDash is not certified under SOC 2 Type 1.
Does DoorDash have SOC 2 Type 2 certification ?
According to Rankiteo, DoorDash does not hold a SOC 2 Type 2 certification.
Does DoorDash comply with GDPR ?
According to Rankiteo, DoorDash is not listed as GDPR compliant.
Does DoorDash have PCI DSS certification ?
According to Rankiteo, DoorDash does not currently maintain PCI DSS compliance.
Does DoorDash comply with HIPAA ?
According to Rankiteo, DoorDash is not compliant with HIPAA regulations.
Does DoorDash have ISO 27001 certification ?
According to Rankiteo,DoorDash is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of DoorDash
DoorDash operates primarily in the Software Development industry.
Number of Employees at DoorDash
DoorDash employs approximately 74,124 people worldwide.
Subsidiaries Owned by DoorDash
DoorDash presently has no subsidiaries across any sectors.
DoorDash’s LinkedIn Followers
DoorDash’s official LinkedIn profile has approximately 1,424,762 followers.
NAICS Classification of DoorDash
DoorDash is classified under the NAICS code 5112, which corresponds to Software Publishers.
DoorDash’s Presence on Crunchbase
No, DoorDash does not have a profile on Crunchbase.
DoorDash’s Presence on LinkedIn
Yes, DoorDash maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/doordash.
Cybersecurity Incidents Involving DoorDash
As of December 11, 2025, Rankiteo reports that DoorDash has experienced 10 cybersecurity incidents.
Number of Peer and Competitor Companies
DoorDash has an estimated 27,532 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at DoorDash ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.
How does DoorDash detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disabled the vendor's access to their system and contained the incident., and communication strategy with notified all affected individuals through the mail, and incident response plan activated with yes (after 15+ months of inaction), and third party assistance with hackerone (bug bounty platform), and containment measures with patch applied to input validation in doordash for business backend, containment measures with html sanitization in email templates, and remediation measures with closed vulnerable budget name input field, remediation measures with enhanced email template rendering security, and communication strategy with public statement to bleepingcomputer, communication strategy with no direct customer notification mentioned, and and and containment measures with blocked unauthorized access, and recovery measures with notifying affected users via in-app/email, and communication strategy with public blog post, communication strategy with direct notifications to affected users, communication strategy with media statements, and incident response plan activated with yes (access revoked, users notified), and law enforcement notified with yes (investigation ongoing), and containment measures with immediate access revocation, and remediation measures with reinforced employee training, remediation measures with strengthened authentication protocols, and communication strategy with public notice to users (november 13, 2023), and communication strategy with public disclosure via media (kelo.com), and incident response plan activated with yes (swift action upon discovery), and third party assistance with partnerships with security firms for investigation and defense fortification, and containment measures with employee verification process enhancements, containment measures with system access reviews, and remediation measures with user notifications (email), remediation measures with free credit monitoring via experian (1 year), and communication strategy with public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring), and enhanced monitoring with implemented for employee access and unusual activity, and and containment measures with detection of intrusion on 2025-10-25, containment measures with access containment (timing unspecified), and communication strategy with public disclosure in november 2025, communication strategy with advisory on compromised data types, and enhanced monitoring with ai-driven threat detection (e.g., seceon aixdr recommended)..
Incident Details
Can you provide details on each incident ?
Title: DoorDash Data Breach
Description: DoorDash suffered a data breach exposing customer and employee data that was compromised in a cyberattack on Twilio. The threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems.
Type: Data Breach
Attack Vector: Stolen Credentials
Vulnerability Exploited: Third-party Vendor Access
Title: DoorDash Data Breach
Description: DoorDash suffered a data breach after an unauthorized user gained access to the personal information of 4.9 million consumers, Dashers, and merchants. The exposed information included email addresses, delivery addresses, order history, phone numbers, and hashed and salted passwords, last four digits of their credit cards or bank accounts consumers, dashers, and merchants. The company notified all the affected individuals through the mail.
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized User
Title: DoorDash Account Hack
Description: Dozens of DoorDash customers reported unauthorized access to their accounts resulting in fraudulent food deliveries and email address changes. The likely cause is credential stuffing using stolen usernames and passwords from other sites.
Type: Account Compromise
Attack Vector: Credential Stuffing
Vulnerability Exploited: Reused Usernames and Passwords
Motivation: FraudFinancial Gain
Title: DoorDash Data Breach
Description: Unauthorized access to user data including names, email addresses, phone numbers, hashed passwords, and driver's license numbers.
Date Detected: 2019-09-27
Date Publicly Disclosed: 2019-09-27
Type: Data Breach
Attack Vector: Unauthorized Access
Title: DoorDash Email Spoofing Vulnerability Enabling Phishing Campaigns
Description: A vulnerability in DoorDash's systems allowed unauthorized users to send 'official' DoorDash-themed emails directly from the company's authorized servers ([email protected]). The flaw, discovered by a pseudonymous researcher (doublezero7), stemmed from an unvalidated input field in the DoorDash for Business platform, enabling HTML injection in email templates. This could be exploited to craft highly convincing phishing emails, targeting not only DoorDash customers and merchants but virtually any recipient. The vulnerability was patched after 15+ months of disclosure disputes between the researcher and DoorDash, with both parties accusing each other of unethical behavior. The flaw did not expose user data or grant access to internal systems but posed a significant phishing risk.
Date Publicly Disclosed: 2024-11-07
Date Resolved: 2024-11-03
Type: Email Spoofing
Attack Vector: Improper Input ValidationStored Cross-Site Scripting (XSS) in Email TemplatesAbuse of Business Logic (Budget Name Field)
Vulnerability Exploited: Stored HTML Injection via Budget Name Input FieldLack of Output Encoding in Email TemplatesInsufficient Email Client-Side Sanitization
Motivation: Potential Financial Gain (Extortion Attempt by Researcher)Phishing/Scam Campaigns (Hypothetical Threat Actors)Reputation Damage (Disclosure Dispute)
Title: DoorDash Data Breach Affecting 4.9 Million Users
Description: Restaurant and food delivery service DoorDash confirmed a data breach affecting 4.9 million customers, drivers, and merchants. An attacker used credentials obtained through a third-party service provider to gain unauthorized access to user data, including names, email addresses, delivery addresses (with phone numbers), order history hashes, and partial payment card details (last four digits). While no financial fraud or identity theft was confirmed, the exposed contact details increase the risk of targeted phishing, smishing, and vishing attacks. DoorDash blocked unauthorized access, notified law enforcement, and began alerting affected accounts.
Type: Data Breach
Attack Vector: Third-Party Vendor CompromiseCredential TheftSocial Engineering
Vulnerability Exploited: Human error (social engineering of third-party employee)
Motivation: Data TheftPotential Fraud Enablement
Title: DoorDash Data Breach via Social Engineering Attack (October 2023)
Description: DoorDash disclosed a cybersecurity incident where an unauthorized person accessed personal information of certain users (including Dashers and merchants) through a social engineering attack targeting an employee. The breach occurred on October 25, 2023, and was publicly disclosed on November 13, 2023. Affected data included names, email addresses, phone numbers, and physical addresses, but no sensitive information like payment details, government IDs, or Social Security numbers was exposed. DoorDash revoked the unauthorized access, notified affected users, and is cooperating with law enforcement. The company is reinforcing employee training and authentication protocols to prevent future incidents.
Date Detected: 2023-10-25
Date Publicly Disclosed: 2023-11-13
Type: Data Breach
Attack Vector: Social Engineering (Employee Targeted)
Vulnerability Exploited: Human Error / Lack of Authentication Protocols
Threat Actor: Unauthorized Individual (Unknown)
Title: DoorDash Employee Falls Victim to Social Engineering Scam, Exposing Customer Data
Description: A DoorDash employee fell victim to a social engineering scam, resulting in unauthorized access to some customer data. Officials confirmed that no ID numbers or payment information was released in the breach.
Type: Data Breach (Social Engineering)
Attack Vector: Social Engineering
Vulnerability Exploited: Human Error (Employee Susceptibility to Social Engineering)
Title: DoorDash Data Breach via Social Engineering Attack (October 2025)
Description: A sophisticated social engineering attack compromised personal information of DoorDash customers, Dashers (delivery workers), and merchants in October 2025. An unauthorized third party tricked a DoorDash employee into granting access to internal systems, exposing names, email addresses, phone numbers, and physical addresses. While DoorDash downplayed the severity (claiming no credit card details, SSNs, or passwords were accessed), experts warn that exposed data can be weaponized for phishing, identity theft, or targeted scams. The breach highlights persistent vulnerabilities in employee training and third-party risk management within the gig economy.
Date Detected: Early October 2025
Date Publicly Disclosed: Mid-November 2025
Type: Data Breach
Attack Vector: Phishing/Social Engineering (employee manipulation to gain internal system access)
Vulnerability Exploited: Human error (employee susceptibility to scams), lack of robust multi-factor authentication (MFA) enforcement
Threat Actor: Unidentified unauthorized third party
Motivation: Data TheftPotential Financial Gain (via phishing/identity theft)Targeted Scams
Title: DoorDash Social Engineering Data Breach (2025)
Description: In November 2025, DoorDash disclosed a data breach where an employee fell victim to a social engineering attack, leading to the compromise of customer, Dasher, and merchant personal information. The attackers gained unauthorized access using legitimate credentials obtained via manipulation, bypassing security awareness training. The breach exposed names, physical addresses, email addresses, and phone numbers but did not include sensitive data like Social Security numbers, driver’s license information, or payment card details. The incident underscores the vulnerability of human elements in cybersecurity and the need for AI-driven threat detection to mitigate dwell time and post-compromise risks.
Date Detected: 2025-10-25
Date Publicly Disclosed: 2025-11
Type: Data Breach
Attack Vector: Social EngineeringPhishing (Spear Phishing/Vishing)Compromised Credentials
Vulnerability Exploited: Human Trust and Error (Bypassed Security Awareness Training)
Motivation: Data Theft for Follow-on Attacks (e.g., Spear Phishing, Vishing)Potential Financial Gain via Stolen Data
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party Vendor, DoorDash for Business Platform (Budget Name Input Field), Third-party service provider credentials (obtained via social engineering), Employee (Social Engineering), Social Engineering (Employee Targeted), Phishing email targeting a DoorDash employee and Social Engineering (Employee Credential Compromise).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DOO0162922
Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information
Incident : Data Breach DOO15123922
Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts
Incident : Account Compromise DOO232301022
Customer Complaints: ['Unauthorized account access', 'Fraudulent charges']
Incident : Data Breach DOO622072825
Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers
Incident : Email Spoofing DOO2492524111725
Data Compromised: None
Systems Affected: DoorDash for Business PlatformEmail Servers ([email protected])
Operational Impact: Risk of Phishing Attacks Targeting Customers/Merchants/General PublicDispute Over Vulnerability Disclosure Process
Brand Reputation Impact: Negative Publicity Due to Disclosure DisputePerception of Weak Security PracticesComparison to Uber's 2022 Email Spoofing Flaw
Identity Theft Risk: Low (Required User Interaction via Phishing)
Payment Information Risk: Low (Required User Interaction via Phishing)
Incident : Data Breach DOO5993759111725
Data Compromised: Names, Email addresses, Phone numbers, Physical addresses, Order history hashes, Last four digits of payment cards (dashers only)
Operational Impact: Increased risk of phishing/smishing/vishing attacks; reputational harm; customer notification efforts
Customer Complaints: Expected increase due to phishing risks
Brand Reputation Impact: Moderate (trust erosion, media coverage)
Identity Theft Risk: Low (no SSNs, full payment cards, or government IDs exposed)
Payment Information Risk: Low (only last four digits of payment cards for Dashers)
Incident : Data Breach DOO5632556111825
Data Compromised: Names, Email addresses, Phone numbers, Physical addresses
Operational Impact: Minimal (Access Revoked Immediately)
Customer Complaints: Backlash on Reddit for Downplaying Severity of Exposed Data (e.g., Names and Home Addresses as 'Non-Sensitive')
Brand Reputation Impact: Negative (Criticism for Data Handling, Stock Volatility)
Identity Theft Risk: No Indication of Misuse (as of Disclosure)
Payment Information Risk: None (Payment Information Not Exposed)
Incident : Data Breach (Social Engineering) DOO4293042111925
Data Compromised: Customer personal information (non-sensitive)
Brand Reputation Impact: Potential Negative Impact (Public Disclosure of Breach)
Identity Theft Risk: Low (No ID Numbers or Payment Information Compromised)
Payment Information Risk: None (Officials Confirmed No Payment Information Exposed)
Incident : Data Breach DOO5203452112125
Data Compromised: Names, Email addresses, Phone numbers, Physical addresses
Systems Affected: Internal systems (unspecified)
Operational Impact: Notification process to affected users (mid-to-late November 2025), partnership with security firms for investigation
Revenue Loss: Minor stock dip reported
Brand Reputation Impact: Negative; erosion of trust in gig economy platforms, potential regulatory scrutiny
Legal Liabilities: Possible fines or mandated audits under regulations like CCPA; historical context of lawsuits from 2019 breach
Identity Theft Risk: High (exposed PII can be used for phishing, spear-phishing, or cross-referencing with other databases)
Payment Information Risk: Low (DoorDash confirmed no credit card details or passwords were accessed)
Incident : Data Breach DOO4104241112725
Data Compromised: Names, Physical addresses, Email addresses, Phone numbers
Operational Impact: Potential Increased Risk of Follow-on Attacks (Spear Phishing/Vishing)
Brand Reputation Impact: High (High-Visibility Breach Undermining Trust in Security Posture)
Identity Theft Risk: Moderate (Exposed PII Could Enable Targeted Scams)
Payment Information Risk: None (Confirmed Not Accessed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Email Addresses, Delivery Addresses, Phone Numbers, Basic Order Information, Partial Credit Card Information, , Email Addresses, Delivery Addresses, Order History, Phone Numbers, Hashed And Salted Passwords, Last Four Digits Of Credit Cards, Last Four Digits Of Bank Accounts, , Names, Email Addresses, Phone Numbers, Hashed Passwords, Driver'S License Numbers, , None, Personal Identifiable Information (Pii), Contact Information, Partial Payment Data, , Personal Information (Pii), , Personal Information (Non-Sensitive), , Personally Identifiable Information (Pii), , Personal Identifiable Information (Pii) and .
Which entities were affected by each incident ?
Incident : Data Breach DOO15123922
Entity Name: DoorDash
Entity Type: Company
Industry: Food Delivery
Customers Affected: 4900000
Incident : Account Compromise DOO232301022
Entity Name: DoorDash
Entity Type: Company
Industry: Food Delivery
Customers Affected: Dozens
Incident : Data Breach DOO622072825
Entity Name: DoorDash, Inc.
Entity Type: Company
Industry: Food Delivery
Location: California
Customers Affected: 41740
Incident : Email Spoofing DOO2492524111725
Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology (On-Demand Services)
Location: San Francisco, California, USA
Size: Large (Public Company, ~10,000+ Employees)
Customers Affected: Potentially All DoorDash Users + General Public (via Spoofed Emails)
Incident : Data Breach DOO5993759111725
Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / Logistics
Location: United States (Global Operations)
Customers Affected: 4.9 million (customers, drivers, merchants)
Incident : Data Breach DOO5632556111825
Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / E-Commerce
Location: United States (HQ: San Francisco, CA)
Size: Large (Publicly Traded, NYSE: DASH)
Customers Affected: Certain Users (Dashers and Merchants)
Incident : Data Breach (Social Engineering) DOO4293042111925
Entity Name: DoorDash
Entity Type: Company
Industry: Food Delivery / Technology
Location: United States (Headquarters in San Francisco, CA)
Incident : Data Breach DOO5203452112125
Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Gig Economy / Technology
Location: United States (primary market)
Size: Over 30 million users (customers, Dashers, merchants)
Customers Affected: Unspecified number (potentially large, given user base)
Incident : Data Breach DOO5203452112125
Entity Name: DoorDash Customers
Entity Type: Individuals
Location: Primarily United States
Customers Affected: Personal data exposed
Incident : Data Breach DOO5203452112125
Entity Name: Dashers (Delivery Workers)
Entity Type: Gig Workers
Industry: Food Delivery
Location: United States
Customers Affected: Personal data exposed (including physical addresses, raising safety concerns)
Incident : Data Breach DOO5203452112125
Entity Name: Merchants
Entity Type: Businesses
Industry: Food Service
Location: United States
Customers Affected: Personal/contact data exposed
Incident : Data Breach DOO4104241112725
Entity Name: DoorDash
Entity Type: Food Delivery Platform
Industry: Technology / Food Delivery
Location: Global (Primarily USA)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach DOO0162922
Containment Measures: Disabled the vendor's access to their system and contained the incident.
Incident : Data Breach DOO15123922
Communication Strategy: Notified all affected individuals through the mail
Incident : Email Spoofing DOO2492524111725
Incident Response Plan Activated: Yes (After 15+ Months of Inaction)
Third Party Assistance: Hackerone (Bug Bounty Platform).
Containment Measures: Patch Applied to Input Validation in DoorDash for Business BackendHTML Sanitization in Email Templates
Remediation Measures: Closed Vulnerable Budget Name Input FieldEnhanced Email Template Rendering Security
Communication Strategy: Public Statement to BleepingComputerNo Direct Customer Notification Mentioned
Incident : Data Breach DOO5993759111725
Incident Response Plan Activated: True
Containment Measures: Blocked unauthorized access
Recovery Measures: Notifying affected users via in-app/email
Communication Strategy: Public blog postDirect notifications to affected usersMedia statements
Incident : Data Breach DOO5632556111825
Incident Response Plan Activated: Yes (Access Revoked, Users Notified)
Law Enforcement Notified: Yes (Investigation Ongoing)
Containment Measures: Immediate Access Revocation
Remediation Measures: Reinforced Employee TrainingStrengthened Authentication Protocols
Communication Strategy: Public Notice to Users (November 13, 2023)
Incident : Data Breach (Social Engineering) DOO4293042111925
Communication Strategy: Public Disclosure via Media (KELO.com)
Incident : Data Breach DOO5203452112125
Incident Response Plan Activated: Yes (swift action upon discovery)
Third Party Assistance: Partnerships with security firms for investigation and defense fortification
Containment Measures: Employee verification process enhancementsSystem access reviews
Remediation Measures: User notifications (email)Free credit monitoring via Experian (1 year)
Communication Strategy: Public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring)
Enhanced Monitoring: Implemented for employee access and unusual activity
Incident : Data Breach DOO4104241112725
Incident Response Plan Activated: True
Containment Measures: Detection of Intrusion on 2025-10-25Access Containment (Timing Unspecified)
Communication Strategy: Public Disclosure in November 2025Advisory on Compromised Data Types
Enhanced Monitoring: AI-Driven Threat Detection (e.g., Seceon aiXDR Recommended)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (After 15+ Months of Inaction), , Yes (Access Revoked, Users Notified), Yes (swift action upon discovery), .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through HackerOne (Bug Bounty Platform), , Partnerships with security firms for investigation and defense fortification.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DOO0162922
Type of Data Compromised: Names, Email addresses, Delivery addresses, Phone numbers, Basic order information, Partial credit card information
Personally Identifiable Information: namesemail addressesdelivery addressesphone numbers
Incident : Data Breach DOO15123922
Type of Data Compromised: Email addresses, Delivery addresses, Order history, Phone numbers, Hashed and salted passwords, Last four digits of credit cards, Last four digits of bank accounts
Number of Records Exposed: 4900000
Incident : Data Breach DOO622072825
Type of Data Compromised: Names, Email addresses, Phone numbers, Hashed passwords, Driver's license numbers
Number of Records Exposed: 41740
Sensitivity of Data: High
Incident : Email Spoofing DOO2492524111725
Type of Data Compromised: None
Number of Records Exposed: 0
Sensitivity of Data: None
Data Exfiltration: No
Personally Identifiable Information: None
Incident : Data Breach DOO5993759111725
Type of Data Compromised: Personal identifiable information (pii), Contact information, Partial payment data
Number of Records Exposed: 4.9 million
Sensitivity of Data: Moderate (no full financial or government ID data)
Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses
Incident : Data Breach DOO5632556111825
Type of Data Compromised: Personal information (pii)
Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)
Data Exfiltration: Likely (Unauthorized Access Confirmed)
Personally Identifiable Information: NamesEmail AddressesPhone NumbersPhysical Addresses
Incident : Data Breach (Social Engineering) DOO4293042111925
Type of Data Compromised: Personal information (non-sensitive)
Sensitivity of Data: Low (No ID Numbers or Payment Information)
Data Exfiltration: Yes (Some Customer Data Accessed)
Personally Identifiable Information: Partial (Excluding ID Numbers and Payment Information)
Incident : Data Breach DOO5203452112125
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: Unspecified (potentially large, given 30M+ user base)
Sensitivity of Data: Moderate (no financial data or passwords, but PII can enable phishing/identity theft)
Data Exfiltration: Likely (data accessed by unauthorized party)
Personally Identifiable Information: NamesEmail addressesPhone numbersPhysical addresses
Incident : Data Breach DOO4104241112725
Type of Data Compromised: Personal identifiable information (pii)
Sensitivity of Data: Moderate (No Financial/Payment Data or Government IDs)
Personally Identifiable Information: NamesPhysical AddressesEmail AddressesPhone Numbers
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Closed Vulnerable Budget Name Input Field, Enhanced Email Template Rendering Security, , Reinforced Employee Training, Strengthened Authentication Protocols, , User notifications (email), Free credit monitoring via Experian (1 year), .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled the vendor's access to their system and contained the incident., patch applied to input validation in doordash for business backend, html sanitization in email templates, , blocked unauthorized access, , immediate access revocation, , employee verification process enhancements, system access reviews, , detection of intrusion on 2025-10-25, access containment (timing unspecified) and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Notifying affected users via in-app/email, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Email Spoofing DOO2492524111725
Legal Actions: Researcher Banned from DoorDash Bug Bounty Program,
Incident : Data Breach DOO5993759111725
Regulatory Notifications: Expected under state breach-notification laws (e.g., California Consumer Privacy Act)
Incident : Data Breach DOO5203452112125
Regulations Violated: Potential violations of California Consumer Privacy Act (CCPA),
Legal Actions: Possible (historical context of lawsuits from 2019 breach)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Researcher Banned from DoorDash Bug Bounty Program, , Possible (historical context of lawsuits from 2019 breach).
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Email Spoofing DOO2492524111725
Lessons Learned: Importance of Timely Vulnerability Triage and Patch Management, Need for Clear Communication Channels Between Researchers and Companies, Risks of Misaligned Expectations in Bug Bounty Programs (Scope vs. Compensation), Ethical Boundaries in Vulnerability Disclosure (Extortion vs. Good Faith Reporting), Criticality of Input Validation in Customer-Facing Systems (Even 'Non-Critical' Fields Like Budget Names)
Incident : Data Breach DOO5993759111725
Lessons Learned: Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials., Social engineering continues to be a dominant attack method, bypassing technical controls., Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure., Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.
Incident : Data Breach DOO5632556111825
Lessons Learned: Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).
Incident : Data Breach DOO5203452112125
Lessons Learned: Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential., Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories., Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches., Data minimization strategies can reduce breach impacts by limiting stored PII.
Incident : Data Breach DOO4104241112725
Lessons Learned: Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses., Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time., Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise., Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.
What recommendations were made to prevent future incidents ?
Incident : Account Compromise DOO232301022
Recommendations: Use unique passwords for different accounts, Enable two-factor authenticationUse unique passwords for different accounts, Enable two-factor authentication
Incident : Email Spoofing DOO2492524111725
Recommendations: Expand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor PlatformsExpand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Implement Automated Sanitization for All User-Supplied Input in Email Templates, Establish Escalation Protocols for Disputed Vulnerability Reports, Provide Transparent Timelines for Vulnerability Remediation, Conduct Regular Security Audits of Business Logic Abuse Vectors, Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor Platforms
Incident : Data Breach DOO5993759111725
Recommendations: Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Enforce least-privilege access principles to limit exposure from compromised credentials., Conduct regular security awareness training focused on social engineering tactics., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data.
Incident : Data Breach DOO5632556111825
Recommendations: Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Conduct regular phishing/social engineering simulations for employees., Enhance transparency in breach disclosures to address public concerns about data sensitivity., Monitor dark web for potential misuse of exposed data.
Incident : Data Breach DOO5203452112125
Recommendations: Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.Implement **zero-trust security models** to eliminate implicit trust in users/devices., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Enhance **data minimization practices** to limit exposure of non-essential PII., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Invest in **privacy-by-design frameworks** to embed security into platform architecture.
Incident : Data Breach DOO4104241112725
Recommendations: Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios., Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of Timely Vulnerability Triage and Patch Management,Need for Clear Communication Channels Between Researchers and Companies,Risks of Misaligned Expectations in Bug Bounty Programs (Scope vs. Compensation),Ethical Boundaries in Vulnerability Disclosure (Extortion vs. Good Faith Reporting),Criticality of Input Validation in Customer-Facing Systems (Even 'Non-Critical' Fields Like Budget Names)Supply chain vulnerabilities remain a critical risk vector, especially for third-party vendors with access to credentials.,Social engineering continues to be a dominant attack method, bypassing technical controls.,Contact information (phone numbers, addresses) can enable highly targeted phishing campaigns even without financial data exposure.,Proactive user education and phishing-resistant MFA are essential for mitigating post-breach risks.Importance of robust authentication protocols and employee training to mitigate social engineering risks. Need for clearer communication about the sensitivity of exposed data (e.g., physical addresses).Human error remains a critical vulnerability; robust employee training and MFA enforcement are essential.,Third-party risk management requires stricter controls, especially in gig economy platforms with vast PII repositories.,Proactive measures (e.g., zero-trust architectures, AI-driven anomaly detection) are needed to prevent recurring breaches.,Data minimization strategies can reduce breach impacts by limiting stored PII.Human elements (e.g., social engineering) remain a critical vulnerability despite technical defenses.,Security awareness training alone is insufficient; proactive, AI-driven detection (e.g., UEBA, XDR) is essential to mitigate dwell time.,Legitimate credentials can be weaponized; behavioral analytics are required to detect anomalous activity post-compromise.,Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Invest in **privacy-by-design frameworks** to embed security into platform architecture., Strengthen **third-party vendor security audits** to mitigate supply chain risks., Implement **zero-trust security models** to eliminate implicit trust in users/devices., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Improve **transparency in breach disclosures**, including timely updates on affected user counts. and Enhance **data minimization practices** to limit exposure of non-essential PII..
References
Where can I find more information about each incident ?
Incident : Data Breach DOO622072825
Source: California Office of the Attorney General
Date Accessed: 2019-09-27
Incident : Email Spoofing DOO2492524111725
Source: Researcher's Public Vulnerability Report (doublezero7)
Incident : Email Spoofing DOO2492524111725
Source: HackerOne Report #2608277
Date Accessed: 2024-07-17 (Closed as Informative)
Incident : Data Breach DOO5993759111725
Source: DoorDash Official Blog
Incident : Data Breach DOO5993759111725
Source: Verizon Data Breach Investigations Report (DBIR)
URL: https://www.verizon.com/business/resources/reports/dbir/
Incident : Data Breach DOO5993759111725
Source: FBI Internet Crime Complaint Center (IC3)
URL: https://www.ic3.gov/
Incident : Data Breach DOO5993759111725
Source: IBM Cost of a Data Breach Report 2023
Incident : Data Breach DOO5632556111825
Source: Shutterstock (Stock Performance Image)
URL: https://www.shutterstock.com
Date Accessed: 2023-11
Incident : Data Breach (Social Engineering) DOO4293042111925
Source: KELO.com
Incident : Data Breach DOO5203452112125
Source: CT Insider
Incident : Data Breach DOO5203452112125
Source: TechCrunch
Incident : Data Breach DOO5203452112125
Source: USA Today
Incident : Data Breach DOO5203452112125
Source: BleepingComputer
Incident : Data Breach DOO4104241112725
Source: Seceon Inc Blog
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-09-27, and Source: BleepingComputerUrl: https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/Date Accessed: 2024-11-07, and Source: Researcher's Public Vulnerability Report (doublezero7), and Source: HackerOne Report #2608277Date Accessed: 2024-07-17 (Closed as Informative), and Source: DoorDash Official Blog, and Source: Verizon Data Breach Investigations Report (DBIR)Url: https://www.verizon.com/business/resources/reports/dbir/, and Source: FBI Internet Crime Complaint Center (IC3)Url: https://www.ic3.gov/, and Source: IBM Cost of a Data Breach Report 2023Url: https://www.ibm.com/reports/data-breach, and Source: DoorDash Notice to UsersDate Accessed: 2023-11-13, and Source: Reddit User DiscussionsDate Accessed: 2023-11, and Source: Shutterstock (Stock Performance Image)Url: https://www.shutterstock.comDate Accessed: 2023-11, and Source: KELO.com, and Source: CT Insider, and Source: TechCrunch, and Source: USA Today, and Source: BleepingComputer, and Source: Seceon Inc BlogUrl: https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Email Spoofing DOO2492524111725
Investigation Status: Resolved (Vulnerability Patched, Disclosure Dispute Ongoing)
Incident : Data Breach DOO5993759111725
Investigation Status: Ongoing (collaboration with law enforcement)
Incident : Data Breach DOO5632556111825
Investigation Status: Ongoing (Law Enforcement Involved)
Incident : Data Breach (Social Engineering) DOO4293042111925
Investigation Status: Disclosed (Ongoing or Completed Status Unknown)
Incident : Data Breach DOO5203452112125
Investigation Status: Ongoing (in collaboration with external security firms)
Incident : Data Breach DOO4104241112725
Investigation Status: Contained (as of November 2025 disclosure)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified all affected individuals through the mail, Public Statement To Bleepingcomputer, No Direct Customer Notification Mentioned, Public Blog Post, Direct Notifications To Affected Users, Media Statements, Public Notice to Users (November 13, 2023), Public Disclosure via Media (KELO.com), Public statements downplaying severity, emails to affected users with mitigation advice (password updates, account monitoring), Public Disclosure In November 2025 and Advisory On Compromised Data Types.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach DOO5993759111725
Stakeholder Advisories: Customers, Dashers, And Merchants Advised To Watch For Phishing Attempts Citing Order History Or Delivery Addresses., Official Notifications Will Never Request Passwords Or Full Payment Details..
Customer Advisories: Be wary of texts/calls/emails about the breach asking for clicks or login details.Navigate directly to the DoorDash app/website instead of clicking links.Enable MFA (preferably app-based) and monitor account activity.Check saved payment methods and update reused passwords.
Incident : Data Breach DOO5632556111825
Customer Advisories: Public Notice Issued (November 13, 2023)
Incident : Data Breach (Social Engineering) DOO4293042111925
Customer Advisories: Public Notification via Media (No Direct Advisory Mentioned)
Incident : Data Breach DOO5203452112125
Stakeholder Advisories: Users advised to update passwords, monitor accounts, and enable two-factor authentication.
Customer Advisories: Emails sent to affected individuals offering 1 year of free credit monitoring via Experian.
Incident : Data Breach DOO4104241112725
Customer Advisories: Public Notification of Compromised PII (No Financial Data Exposed)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers, Dashers, And Merchants Advised To Watch For Phishing Attempts Citing Order History Or Delivery Addresses., Official Notifications Will Never Request Passwords Or Full Payment Details., Be Wary Of Texts/Calls/Emails About The Breach Asking For Clicks Or Login Details., Navigate Directly To The Doordash App/Website Instead Of Clicking Links., Enable Mfa (Preferably App-Based) And Monitor Account Activity., Check Saved Payment Methods And Update Reused Passwords., , Public Notice Issued (November 13, 2023), Public Notification via Media (No Direct Advisory Mentioned), Users advised to update passwords, monitor accounts, and enable two-factor authentication., Emails sent to affected individuals offering 1 year of free credit monitoring via Experian., Public Notification Of Compromised Pii (No Financial Data Exposed) and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach DOO0162922
Entry Point: Third-party Vendor
Incident : Email Spoofing DOO2492524111725
Entry Point: DoorDash for Business Platform (Budget Name Input Field)
Reconnaissance Period: 15+ Months (From Initial Report to Patch)
Backdoors Established: No
High Value Targets: Doordash Customers, Merchants, General Public (Via Spoofed Emails),
Data Sold on Dark Web: Doordash Customers, Merchants, General Public (Via Spoofed Emails),
Incident : Data Breach DOO5993759111725
Entry Point: Third-party service provider credentials (obtained via social engineering)
Reconnaissance Period: Approximately two weeks before the breach
High Value Targets: Customer Pii, Dasher Partial Payment Data,
Data Sold on Dark Web: Customer Pii, Dasher Partial Payment Data,
Incident : Data Breach DOO5632556111825
Entry Point: Employee (Social Engineering)
High Value Targets: User Data (Dashers And Merchants),
Data Sold on Dark Web: User Data (Dashers And Merchants),
Incident : Data Breach (Social Engineering) DOO4293042111925
Entry Point: Social Engineering (Employee Targeted)
Incident : Data Breach DOO5203452112125
Entry Point: Phishing email targeting a DoorDash employee
High Value Targets: Internal Systems Containing Customer/Dasher/Merchant Pii,
Data Sold on Dark Web: Internal Systems Containing Customer/Dasher/Merchant Pii,
Incident : Data Breach DOO4104241112725
Entry Point: Social Engineering (Employee Credential Compromise)
High Value Targets: Customer/Dasher/Merchant Contact Databases,
Data Sold on Dark Web: Customer/Dasher/Merchant Contact Databases,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Account Compromise DOO232301022
Root Causes: Credential Stuffing
Incident : Email Spoofing DOO2492524111725
Root Causes: Lack Of Input Validation In Budget Name Field, Insufficient Output Encoding In Email Templates, Delayed Triage Of Vulnerability Report (15+ Months), Breakdown In Communication Between Researcher And Doordash, Misalignment On Bug Bounty Program Scope And Compensation,
Corrective Actions: Patched Input Validation In Doordash For Business Backend, Enhanced Email Template Security (Html Sanitization), Review Of Bug Bounty Program Policies And Scope, Internal Review Of Vulnerability Disclosure Processes,
Incident : Data Breach DOO5993759111725
Root Causes: Social Engineering Attack On A Third-Party Vendor Employee Leading To Credential Compromise., Insufficient Safeguards Against Supply Chain Attacks (E.G., Vendor Access Controls)., Lack Of Detection For Unauthorized Access Over A Two-Week Period.,
Corrective Actions: Review And Strengthen Third-Party Vendor Security Protocols., Enhance Monitoring For Unusual Access Patterns., Expand Employee Training On Social Engineering Threats., Implement Stricter Authentication For High-Risk Systems.,
Incident : Data Breach DOO5632556111825
Root Causes: Inadequate Authentication Safeguards For Employee Accounts., Successful Social Engineering Exploit Targeting An Employee.,
Corrective Actions: Reinforced Employee Training On Social Engineering Risks., Strengthened Authentication Protocols (Details Unspecified).,
Incident : Data Breach (Social Engineering) DOO4293042111925
Root Causes: Employee Susceptibility to Social Engineering
Incident : Data Breach DOO5203452112125
Root Causes: Inadequate Employee Training On Social Engineering Tactics., Lack Of Enforced Multi-Factor Authentication (Mfa) For Internal Systems., Systemic Third-Party Risk Management Gaps (Historical Context From 2022 Vendor Breach)., Over-Reliance On Reactive Measures Rather Than Proactive Security Postures.,
Corrective Actions: Enhanced Employee Verification Processes., Partnerships With Security Firms To Audit And Fortify Defenses., Potential Adoption Of Zero-Trust Architectures And Ai-Driven Monitoring (Recommended).,
Incident : Data Breach DOO4104241112725
Root Causes: Successful Social Engineering Attack Exploiting Human Trust/Error., Inadequate Real-Time Detection Of Anomalous Behavior Post-Credential Compromise., Over-Reliance On Security Awareness Training Without Technical Controls For Credential Misuse.,
Corrective Actions: Deployment Of Ai-Driven Xdr/Ueba Solutions For Behavioral Analytics., Enhanced Monitoring Of Privileged Access And Data Query Patterns., Automated Response Mechanisms (E.G., Soar) To Reduce Dwell Time., Review Of Identity And Access Management (Iam) Policies For Least-Privilege Enforcement.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Hackerone (Bug Bounty Platform), , Partnerships with security firms for investigation and defense fortification, Implemented for employee access and unusual activity, Ai-Driven Threat Detection (E.G., Seceon Aixdr Recommended), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patched Input Validation In Doordash For Business Backend, Enhanced Email Template Security (Html Sanitization), Review Of Bug Bounty Program Policies And Scope, Internal Review Of Vulnerability Disclosure Processes, , Review And Strengthen Third-Party Vendor Security Protocols., Enhance Monitoring For Unusual Access Patterns., Expand Employee Training On Social Engineering Threats., Implement Stricter Authentication For High-Risk Systems., , Reinforced Employee Training On Social Engineering Risks., Strengthened Authentication Protocols (Details Unspecified)., , Enhanced Employee Verification Processes., Partnerships With Security Firms To Audit And Fortify Defenses., Potential Adoption Of Zero-Trust Architectures And Ai-Driven Monitoring (Recommended)., , Deployment Of Ai-Driven Xdr/Ueba Solutions For Behavioral Analytics., Enhanced Monitoring Of Privileged Access And Data Query Patterns., Automated Response Mechanisms (E.G., Soar) To Reduce Dwell Time., Review Of Identity And Access Management (Iam) Policies For Least-Privilege Enforcement., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unauthorized User, Unauthorized Individual (Unknown) and Unidentified unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-09-27.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2024-11-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, email addresses, delivery addresses, phone numbers, basic order information, partial credit card information, , Email Addresses, Delivery Addresses, Order History, Phone Numbers, Hashed and Salted Passwords, Last Four Digits of Credit Cards, Last Four Digits of Bank Accounts, , names, email addresses, phone numbers, hashed passwords, driver's license numbers, , None, Names, Email Addresses, Phone Numbers, Physical Addresses, Order History Hashes, Last Four Digits of Payment Cards (Dashers only), , Names, Email Addresses, Phone Numbers, Physical Addresses, , Customer Personal Information (Non-Sensitive), , Names, Email addresses, Phone numbers, Physical addresses, , Names, Physical Addresses, Email Addresses, Phone Numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was DoorDash for Business PlatformEmail Servers ([email protected]) and Internal systems (unspecified).
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was hackerone (bug bounty platform), , Partnerships with security firms for investigation and defense fortification.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disabled the vendor's access to their system and contained the incident., Patch Applied to Input Validation in DoorDash for Business BackendHTML Sanitization in Email Templates, Blocked unauthorized access, Immediate Access Revocation, Employee verification process enhancementsSystem access reviews and Detection of Intrusion on 2025-10-25Access Containment (Timing Unspecified).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Phone Numbers, None, Last Four Digits of Payment Cards (Dashers only), Order History, Physical Addresses, email addresses, Phone numbers, Order History Hashes, Last Four Digits of Credit Cards, names, Email Addresses, Physical addresses, Customer Personal Information (Non-Sensitive), partial credit card information, Last Four Digits of Bank Accounts, phone numbers, hashed passwords, delivery addresses, driver's license numbers, Names, Email addresses, Delivery Addresses, Hashed and Salted Passwords and basic order information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.9M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Researcher Banned from DoorDash Bug Bounty Program, , Possible (historical context of lawsuits from 2019 breach).
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Follow-on attacks (e.g., spear phishing) are a major risk when PII is exposed, even without financial data.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Expand Bug Bounty Program Scope to Include Email-Related Vulnerabilities, Strengthen **third-party vendor security audits** to mitigate supply chain risks., Conduct **regular phishing/social engineering simulations** to test employee vigilance., Organizations should prepare for secondary attacks (e.g., smishing, vishing) leveraging exposed contact data., Enforce **multi-factor authentication (MFA)** for all employee and third-party access., Conduct regular phishing/social engineering simulations for employees., Monitor for unusual activity in third-party vendor accounts with access to sensitive systems., Improve **transparency in breach disclosures**, including timely updates on affected user counts., Implement multi-factor authentication (MFA) for employee accounts with access to sensitive systems., Enforce least-privilege access principles to limit exposure from compromised credentials., Monitor dark web for potential misuse of exposed data., Invest in **privacy-by-design frameworks** to embed security into platform architecture., Implement **zero-trust security models** to eliminate implicit trust in users/devices., Conduct regular security awareness training focused on social engineering tactics., Conduct Regular Security Audits of Business Logic Abuse Vectors, Integrate Security Orchestration, Automation, and Response (SOAR) to automate containment (e.g., isolating compromised accounts)., Enhance **data minimization practices** to limit exposure of non-essential PII., Enhance User and Entity Behavior Analytics (UEBA) to baseline normal activity and flag deviations (e.g., unusual access times, data queries)., Implement Automated Sanitization for All User-Supplied Input in Email Templates, Conduct regular red team exercises to test resilience against social engineering and post-compromise scenarios., Implement phishing-resistant multifactor authentication (MFA) for all employees and third-party vendors., Establish Escalation Protocols for Disputed Vulnerability Reports, Enable two-factor authentication, Enhance transparency in breach disclosures to address public concerns about data sensitivity., Adopt dynamic threat modeling to correlate suspicious events across endpoints, networks, and identities., Use unique passwords for different accounts, Adopt **AI-driven anomaly detection** to flag unusual access patterns in real time., Monitor Dark Web for Exploitation of Similar Vulnerabilities in Competitor Platforms, Users should: enable app-based MFA (avoid SMS), check account activity for suspicious logins, avoid reusing passwords, and verify unsolicited communications via official channels., Implement AI-driven Extended Detection and Response (XDR) platforms (e.g., Seceon aiXDR) for real-time anomaly detection and automated containment., Train Customer Support on Phishing Risks Stemming from Spoofed Emails, Shift from perimeter-focused defenses to proactive, predictive security postures that assume breach scenarios. and Provide Transparent Timelines for Vulnerability Remediation.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are HackerOne Report #2608277, BleepingComputer, Verizon Data Breach Investigations Report (DBIR), TechCrunch, IBM Cost of a Data Breach Report 2023, Reddit User Discussions, KELO.com, USA Today, California Office of the Attorney General, DoorDash Notice to Users, CT Insider, Seceon Inc Blog, FBI Internet Crime Complaint Center (IC3), Shutterstock (Stock Performance Image), DoorDash Official Blog and Researcher's Public Vulnerability Report (doublezero7).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.bleepingcomputer.com/news/security/doordash-patches-flaw-that-let-anyone-send-official-company-emails/, https://www.verizon.com/business/resources/reports/dbir/, https://www.ic3.gov/, https://www.ibm.com/reports/data-breach, https://www.shutterstock.com, https://seceon.com/defending-the-enterprise-perimeter-the-lesson-from-the-doordash-social-engineering-breach/ .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (Vulnerability Patched, Disclosure Dispute Ongoing).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers, Dashers, and merchants advised to watch for phishing attempts citing order history or delivery addresses., Official notifications will never request passwords or full payment details., Users advised to update passwords, monitor accounts, and enable two-factor authentication., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Be wary of texts/calls/emails about the breach asking for clicks or login details.Navigate directly to the DoorDash app/website instead of clicking links.Enable MFA (preferably app-based) and monitor account activity.Check saved payment methods and update reused passwords., Public Notice Issued (November 13, 2023), Public Notification via Media (No Direct Advisory Mentioned), Emails sent to affected individuals offering 1 year of free credit monitoring via Experian. and Public Notification of Compromised PII (No Financial Data Exposed).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Phishing email targeting a DoorDash employee, Third-party service provider credentials (obtained via social engineering), DoorDash for Business Platform (Budget Name Input Field), Social Engineering (Employee Targeted), Third-party Vendor, Social Engineering (Employee Credential Compromise) and Employee (Social Engineering).
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 15+ Months (From Initial Report to Patch), Approximately two weeks before the breach.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Credential Stuffing, Lack of Input Validation in Budget Name FieldInsufficient Output Encoding in Email TemplatesDelayed Triage of Vulnerability Report (15+ Months)Breakdown in Communication Between Researcher and DoorDashMisalignment on Bug Bounty Program Scope and Compensation, Social engineering attack on a third-party vendor employee leading to credential compromise.Insufficient safeguards against supply chain attacks (e.g., vendor access controls).Lack of detection for unauthorized access over a two-week period., Inadequate authentication safeguards for employee accounts.Successful social engineering exploit targeting an employee., Employee Susceptibility to Social Engineering, Inadequate employee training on social engineering tactics.Lack of enforced multi-factor authentication (MFA) for internal systems.Systemic third-party risk management gaps (historical context from 2022 vendor breach).Over-reliance on reactive measures rather than proactive security postures., Successful social engineering attack exploiting human trust/error.Inadequate real-time detection of anomalous behavior post-credential compromise.Over-reliance on security awareness training without technical controls for credential misuse..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Patched Input Validation in DoorDash for Business BackendEnhanced Email Template Security (HTML Sanitization)Review of Bug Bounty Program Policies and ScopeInternal Review of Vulnerability Disclosure Processes, Review and strengthen third-party vendor security protocols.Enhance monitoring for unusual access patterns.Expand employee training on social engineering threats.Implement stricter authentication for high-risk systems., Reinforced employee training on social engineering risks.Strengthened authentication protocols (details unspecified)., Enhanced employee verification processes.Partnerships with security firms to audit and fortify defenses.Potential adoption of zero-trust architectures and AI-driven monitoring (recommended)., Deployment of AI-driven XDR/UEBA solutions for behavioral analytics.Enhanced monitoring of privileged access and data query patterns.Automated response mechanisms (e.g., SOAR) to reduce dwell time.Review of identity and access management (IAM) policies for least-privilege enforcement..
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=doordash' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
