Heads up: this post contains affiliate links. If you click through them we may earn a small commission at no cost to you. We only recommend tools and services we've actually tried. Full disclosure →

If your DoorDash account is locked, hacked, or showing charges you didn't make, this guide walks through what's verified about DoorDash's breach history (three confirmed incidents), the fastest support paths for account recovery, and steps to lock down your account afterward. The most recent DoorDash breach was disclosed in November 2025 and is the likely source of many account-takeover attempts in early 2026.

The single most important thing to know: DoorDash has had three publicly confirmed breaches: 2019, 2022, and November 2025. If your account is showing unfamiliar activity, the November 2025 breach is the most likely vector — it exposed names, phone numbers, email addresses, and physical addresses of an estimated 2-4 million users across the US, Canada, Australia, and New Zealand.

DoorDash's confirmed breach history

This information matters because if your account was compromised, you should know which incident likely affected you. All three breaches are publicly confirmed via DoorDash's own disclosures and major news coverage.

November 2025 breach (most recent)

  • Disclosed: Mid-November 2025
  • Cause: Social engineering of a DoorDash employee
  • Records affected: Estimated 2-4 million users (researcher estimates)
  • Data exposed: Names, phone numbers, email addresses, physical addresses
  • Geographic scope: US, Canada, Australia, New Zealand
  • Most likely current threat: Phishing attacks targeting compromised email/phone combinations from this breach

If your account shows account-takeover activity in late 2025 or 2026, this is statistically the most likely source.

August 2022 breach

  • Disclosed: August 2022
  • Cause: Linked to the "0ktapus" / Twilio phishing campaign that affected over 130 organizations
  • Records affected: ~367,000 users (per Have I Been Pwned dataset)
  • Data exposed: Names, emails, delivery addresses, phone numbers (no passwords or full payment card numbers)

September 2019 breach

  • Disclosed: September 26, 2019
  • Cause: Third-party service provider compromise
  • Records affected: ~4.9 million users (customers, Dashers, and merchants)
  • Data exposed: Names, emails, delivery addresses, phone numbers, hashed passwords, last 4 digits of payment cards (some users), and 100,000 driver's license numbers (Dashers only)

What to do RIGHT NOW if your account is hacked

Time matters. Work through this in order:

Step 1 — Lock down your account immediately

  1. Change your DoorDash password if you can still log in. Use a unique password (not reused from any other account).
  2. Change your email password if your DoorDash login email is the same one you use elsewhere — attackers often pivot from DoorDash account access to email.
  3. Sign out of all devices: Account → Settings → Sign Out of All Devices (where supported).

Step 2 — Contact DoorDash support immediately

  • Phone: 855-973-1040 (DoorDash customer support, 24/7 for active fraud situations)
  • In-app chat: Account → Help → Chat
  • Email: support@doordash.com

When you reach support, say: "My account is hacked. I need to secure it now."

Have ready:

  • The email address and phone number on the account
  • The last legitimate order date you placed
  • Any unfamiliar charges (date, amount)
  • Whether you can still access the account

Step 3 — Review and dispute fraudulent charges

  1. Open your DoorDash app → Orders → Order History.
  2. Identify any orders you didn't place. Note dates, amounts, and delivery addresses.
  3. For each fraudulent order, request a refund through DoorDash support.
  4. Separately, contact your card issuer (number on the back of the card) to dispute the charges and ideally freeze or replace the card.
  5. If you have multiple cards on file, remove them via Account → Payment until your account is fully secure (see How to Remove a Payment Method from DoorDash).

Step 4 — Check for account modifications

Hackers often modify the account to maintain access:

  • Email address change: Verify the email on file matches yours
  • Phone number change: Verify the phone on file matches yours
  • Saved addresses: Check Account → Addresses for any unfamiliar delivery addresses
  • Payment methods: Check Account → Payment for any unfamiliar cards added

If anything was modified, DoorDash support can revert changes — provide them with the original details.

Step 5 — File reports

For significant fraud (multiple unauthorized orders, identity theft beyond DoorDash):

  • FTC IdentityTheft.gov — file a report and get a recovery plan
  • Local police — file a report (sometimes required by your card issuer for fraud claims above a threshold)
  • State attorney general (some states have specific consumer-fraud reporting paths)

What to do if your account is locked (not hacked)

DoorDash sometimes locks accounts for fraud-prevention reasons:

  • Multiple failed login attempts — too many wrong password tries triggers a temporary lock
  • Suspicious activity flagged by DoorDash's fraud-detection — unusual order patterns (many orders in a short time, orders from new addresses, high-value orders) can trigger a lock
  • Payment chargebacks — if you disputed a legitimate DoorDash charge with your bank, DoorDash may lock the account
  • Multiple accounts — DoorDash terms allow only one account per person; duplicate accounts may be locked

To unlock:

  1. Use the password reset flow if it's a login lock.
  2. Contact DoorDash support at 855-973-1040 if you believe it's a false-positive fraud lock.
  3. Be ready to verify identity (last legitimate order, payment-method last 4, address on file).

For permanent account closures (not just locks), DoorDash typically requires a separate appeal process, often via written correspondence.

What changes after recovery

What Effect
Account access Restored once support verifies identity
Saved payment methods Re-add any you removed during the lockdown
DashPass subscription Should resume; if it was cancelled mid-incident, contact support
Past orders Stay in history (legitimate ones; fraudulent ones may be removed by support)
Saved addresses May need to verify; remove any that look unfamiliar
Login from new devices DoorDash will trigger 2FA verification

Try Rocket Money's free tier Identifies recurring charges across all your accounts. Bill negotiation is available to all users on a 35-60% success-fee basis. Premium adds Smart Savings, Concierge cancellation, and detailed credit reporting. Try Rocket Money →

Lock down your account going forward

Once you've recovered:

  1. Use a unique password for DoorDash that's not reused anywhere else
  2. Enable 2FA / login alerts where DoorDash supports them (Account → Security)
  3. Use a password manager — easier than memorizing dozens of unique passwords
  4. Be skeptical of "DoorDash" emails and texts — phishing rates spike after every breach. Real DoorDash will never ask for your password
  5. Audit saved payment methods — fewer cards on file = smaller attack surface (see How to Remove a Payment Method from Any App)
  6. Check DashPass billing source if you have an active subscription — see Why is DoorDash Charging Me $9.99?

Class action lawsuits

Multiple class actions followed the 2019 and 2022 DoorDash breaches. Some settled, some consolidated, some remain in litigation. The November 2025 breach is recent enough that follow-on litigation is still in early stages.

If you receive a class-action notice in the mail or by email about a DoorDash breach, it's likely legitimate — read carefully, follow the opt-in/opt-out instructions, and keep a copy. Settlements typically include some combination of monetary compensation, credit monitoring, and identity-theft protection services for affected users.

Phishing red flags

After every breach, attackers use stolen email/phone data to send targeted phishing. Red flags:

  • Emails claiming "your DoorDash account is suspended, click here to verify" — DoorDash never asks you to verify by clicking a suspicious link
  • Texts asking for your password or 2FA code — DoorDash never asks for codes via text
  • Calls claiming to be from DoorDash about "fraud on your account" — hang up; call DoorDash back directly at 855-973-1040
  • DMs on social media claiming to help recover your account — scammers, never legitimate

Tools to monitor your accounts

Rocket Money → — automatically tracks all your recurring charges, including DashPass renewals. Useful for catching fraudulent recurring charges early.

Empower (free) → — free net-worth tracker that aggregates bank, credit card, and brokerage transactions. Catch fraudulent purchases across accounts in one view.

If you've recovered your account and want to keep using DoorDash, the DoorDash app is fine to continue with — just lock it down with the steps above.

Have I Been Pwned check

Visit haveibeenpwned.com and enter your email address. The site tracks public data breaches and will tell you if your email appeared in any DoorDash breach (or any other breach). If your email shows up in DoorDash's 2019, 2022, or November 2025 incidents, take it as confirmation to rotate passwords and watch for phishing.

FAQ

Has DoorDash ever been hacked?

Yes. Three confirmed breaches: 2019 (4.9M users), 2022 (~367K users), and November 2025 (estimated 2-4M users).

How do I contact DoorDash support quickly?

Call 855-973-1040 — 24/7 for fraud situations. In-app chat is also available under Account → Help.

Should I delete my DoorDash account if I was hacked?

Account closure is more drastic than recovery. Most users can secure the account and continue using it. Closure means losing DashPass benefits, order history, and any active rewards.

Will DoorDash refund fraudulent charges?

Typically yes, after support verifies the charges weren't yours. Also dispute with your card issuer as a backup.

Why does DoorDash sometimes lock accounts that weren't hacked?

False-positive fraud detection — unusual order patterns, multiple devices, recent payment-method changes, or recent disputes can trigger locks. Contact support to clear it.

Can I find out which DoorDash breach affected me?

Check haveibeenpwned.com with your email. The site lists which DoorDash breaches your email appeared in.

What information was exposed in each DoorDash breach?

2019: names, emails, addresses, phone numbers, hashed passwords, last 4 of payment cards, 100K driver's license numbers (Dashers). 2022: names, emails, addresses, phone numbers. November 2025: names, phone numbers, emails, physical addresses.

Is DoorDash safe to use after these breaches?

The breaches don't mean ongoing risk if you've changed passwords and watch for phishing. Many high-volume services have suffered breaches; what matters is whether you've taken protective steps post-breach.

Where can I read DoorDash's official breach notifications?

DoorDash typically discloses via blog posts on doordash.com/blog and via direct email to affected users. Major news outlets (TechCrunch, Washington Post, CNN) covered all three incidents.


Related reading:


Important Disclaimers — DoorDash Driver/Dasher Affiliate Disclosure:

Dashers are independent contractors (1099), not DoorDash employees. Becoming a Dasher is subject to background check and availability in your market. Dash availability and the ability to dash anytime are subject to local market demand and any waitlists. DasherDirect is subject to approval. Fast Pay availability and fees apply. Sign-up incentives, earnings boosts (including alcohol-delivery and other Peak Pay opportunities), and any cited dollar amounts vary by market and are not guaranteed: earn more per order as compared to restaurant orders is provider language; actual earnings may differ and depend on factors like number of deliveries you accept and complete, time of day, location, and any costs. Hourly pay is calculated using average Dasher payouts while on a delivery (from the time you accept an order until the time you drop it off) over a 90-day period and includes compensation from tips, peak pay, and other incentives. We may earn an affiliate commission if you sign up to Dash through a link on this page; the application process and pricing are the same. Not financial, legal, or tax advice — consult your own CPA or fiduciary advisor for your specific situation.