DoorDash confirms data breach impacting users’ phone numbers and physical addresses

DoorDash disclosed a data breach that exposed the personal information of an unspecified number of users, which included names, email addresses, phone numbers, and physical addresses.

Even though hackers stole phone numbers and physical addresses, DoorDash said that "the unauthorized third party accessed no sensitive information and we have no indication the data has been misused for fraud or identity theft at this time."

DoorDash said in the post that the breach impacted a mix of customers, delivery workers, and merchants.

Company spokesperson Michelle Babin did not respond when asked to specify exactly how many users were affected by the breach. Instead, Babin sent a statement that largely echoed the blog post about the breach.

The breach originated from an employee falling for a social engineering attack. When the company identified the breach, it shut down the hackers' access to its systems, started an investigation, and reported the incident to law enforcement, according to a post published last week by the company.

DoorDash said no "Social Security numbers, other government-issued identification numbers, driver's license information, or bank or payment card information" were stolen as part of the breach.

The company stated that it has notified the impacted users.

This story has been updated to include DoorDash's spokesperson's response.