DoorDash Breach Exposes User Contact Data After Social Engineering
Category:Threat Alerts
DoorDash disclosed a breach after an employee fell victim to a social engineering attack, enabling unauthorized access to internal systems. Attackers obtained names, addresses, emails, and phone numbers across multiple regions including the U.S., Canada, Australia, and New Zealand. While no financial or government ID data was taken, the exposed contact data increases risk of phishing and smishing attacks, linked to T1566 (Phishing) and T1589 (Identity Information Gathering). Notification delays from October 25 to November 13 raised compliance concerns, with users questioning adherence to breach-reporting laws. DoorDash hired a forensic firm and improved internal security training, marking its third major security incident since 2019.
CORTEX Protocol Intelligence Assessment
Business Impact: Contact data exposure increases risk of targeted fraud and class-action litigation due to delayed notification. Reputational damage affects customer trust. Technical Context: Attackers leveraged social engineering to bypass technical controls, highlighting human-layer weaknesses.
Strategic Intelligence Guidance
- Enforce phishing-resistant MFA for internal users.
- Deploy behavior-based detection for suspicious account access.
- Conduct mandatory anti-social-engineering training.
- Validate breach-notification workflows for regulatory timelines.
Vendors
Threats
Targets
Intelligence Source: DoorDash Breach Exposes User Contact Data After Social Engineering | Nov 16, 2025