DoorDash

DoorDash operates as a prominent technology platform facilitating food delivery and pickup services. The company connects customers seeking restaurant meals with local establishments and independent delivery drivers, enabling orders to be placed, processed, and fulfilled efficiently through its digital interfaces. Its core service revolves around providing consumers with access to a wide variety of restaurant options delivered directly to their specified locations. DoorDash primarily serves markets within the United States, acting as a central intermediary between diners, restaurants, and delivery contractors.

Headquartered in the United States of America, DoorDash has achieved significant scale, evidenced by the large user base impacted during security incidents. The 2019 breach alone affected approximately 4.9 million users, encompassing customers, delivery personnel (Dashers), and merchants, indicating extensive operational reach. This scale necessitates handling vast amounts of sensitive personal and transactional data daily. Distinguishing attributes include its position as a major facilitator in the on-demand food delivery sector and its reliance on a large network of independent contractors for last-mile logistics. However, its cybersecurity posture has faced significant challenges and public scrutiny.

The organisation has experienced multiple substantial security breaches impacting diverse stakeholders. In 2018, widespread unauthorized account access occurred, attributed by the company to credential stuffing attacks exploiting reused passwords; critics noted the absence of robust countermeasures like two-factor authentication at the time. A major incident disclosed in 2019 compromised extensive personal data for millions, including names, contact details, delivery addresses, order histories, hashed passwords, and for some workers, driver's license numbers and partial financial data. Despite implementing enhanced security measures post-incident, another breach occurred in 2022 when threat actors compromised a third-party vendor's credentials, gaining access to internal tools and exposing customer and employee data including names, email addresses, delivery addresses, phone numbers, basic order details, and partial payment card information. This pattern highlights persistent vulnerabilities associated with third-party dependencies and authentication security within its ecosystem. No explicit information regarding ownership structure or subsidiary relationships beyond the primary operating entity, DoorDash Inc., was provided in the context.