Photo: Kenneth Cheung / iStock Unreleased / Getty Images
DoorDash, a prominent online food delivery service, has disclosed a data breach that exposed users' personal information. The breach, confirmed on Thursday (November 13), involved unauthorized access to names, phone numbers, and physical addresses of consumers, gig workers, and merchants. The breach did not affect Social Security numbers, bank details, or payment information.
The company revealed that the breach occurred when a DoorDash employee fell victim to a social engineering scam. According to TechCrunch, the attackers used deceptive tactics to gain access to the data. DoorDash has since informed affected users and reported the incident to law enforcement.
In response to the breach, DoorDash has implemented new security measures, including enhanced training for employees to recognize and prevent social engineering attacks. The company also engaged an external firm to assist in the investigation, as reported by PYMNTS.
The incident highlights the growing threat of social engineering attacks, which exploit human psychology rather than technological vulnerabilities. As noted by LinkedIn, these scams are becoming more sophisticated with the use of artificial intelligence, making them faster and more convincing.
DoorDash assures users that there is no indication of misuse of the accessed data for fraud or identity theft at this time. The company continues to monitor the situation closely and urges users to remain vigilant against potential phishing attempts.