DoorDash confirmed a data breach that exposed personal details for a mix of customers, delivery workers and merchants. The stolen information included names, email addresses, phone numbers and physical addresses. The company said it has no evidence of fraud tied to the breach so far, but the event still raises concerns for anyone who uses the service.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

How the DoorDash breach happened

The company traced the incident back to a social engineering attack. An employee fell for a lure that gave hackers access to DoorDash systems. Once the company spotted the breach, it shut down access, launched an investigation and notified law enforcement. DoorDash also directly notified users where required.

Who was affected by the DoorDash breach

DoorDash said the breach impacted a mix of users across its platform. That includes customers, delivery workers and merchants. CyberGuy reached out to DoorDash and a representative provided the following statement to us:

“DoorDash recently identified and shut down a cybersecurity incident in which an unauthorized third party gained access to and took basic contact information for some users whose data is maintained by DoorDash. No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed. The information accessed varied by individual and was limited to names, phone numbers, email addresses, and physical addresses. We have deployed enhanced security measures, implemented additional employee training, and engaged an external cybersecurity firm to support our ongoing investigation. For more information, please visit our Help Center.”

LOOKING FOR A CHEAP CHEESEBURGER? 10 AMERICAN CITIES THAT DELIVER THE BEST MEAL DEALS

If you received an alert from the company, take steps to protect your information. If you use the app but did not get a notice, you should still follow the safety tips below because exposed contact information can lead to scams long after a breach.

How to protect yourself after the DoorDash breach

Even though payment data stayed protected, exposed contact details can still open the door to scams. You can lower your risk with a few smart steps that keep your information safer online.

1) Watch for phishing attempts

Scammers move fast after a breach. They often send fake alerts that look like real DoorDash messages. These emails or texts may claim you need to verify your account or update your payment details. Delete any message that asks for personal information or urges you to click a link. When in doubt, go straight to the official app instead of trusting a message.

2) Use a data removal service

Data brokers collect and resell personal details that scammers often exploit. A data removal service works to pull your information off those sites. This limits your exposure and makes it harder for criminals to target you. It is one of the easiest long-term steps you can take to protect your privacy.

IS YOUR PHONE HACKED? HOW TO TELL AND WHAT TO DO

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

3) Use strong passwords and a password manager

Stronger passwords give you better protection. Create unique passwords for every account so one breach cannot unlock your digital life. A password manager makes this easier by generating secure passwords and storing them safely. It also autofills them, so you spend less time typing.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

4) Turn on multi-factor authentication

Multi-factor authentication (MFA) adds a simple barrier that blocks most break-in attempts. When you turn it on, you confirm each login with a code or app prompt. This keeps your account safe even if someone learns your password. Most major apps let you enable this setting in the Security section.

5) Use strong antivirus protection

Strong antivirus software shields you from malicious links and downloads. It scans files in real time and warns you when something looks dangerous. This gives you an extra layer of defense against phishing attempts that try to install malware.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

6) Review your account activity

It helps to check your DoorDash account for anything unusual. Look at your order history, saved addresses and payment methods. If something looks off, update your password and contact DoorDash support right away. Quick action can stop a small issue from turning into a bigger problem. 

Kurt’s key takeaways

A breach like this reminds us how quickly cybercriminals can exploit a single mistake. DoorDash moved fast to cut off access and confirm the damage, but exposed contact information can still create risks. Staying alert and using basic security habits can help you avoid trouble.

What concerns you most about companies holding your personal information, and how would you like them to handle incidents like this? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.

To call Musk’s DC tenure contentious would be an understatement. As a man accustomed to getting what he wants and functioning as a powerful executive, he swept through Washington with a figurative chainsaw, slashing budgets, firing workers, and making audacious power grabs. Musk’s brash behavior angered government employees and alienated would-be allies, like Secretary of State Marco Rubio and Transportation Secretary Sean Duffy. Eventually, the bad blood reached a fever pitch, and Musk had a minor physical altercation with Treasury Secretary Scott Bessent.

Politico details the stunning fallout. By late May, DOGE and Musk had lost favor with President Trump, and White House aides began pushing back more forcefully against the fledgling government agency. When Musk was officially given a farewell by the White House on May 30th, it also pushed out his right-hand man, Steve Davis.

But Davis, an engineer who had worked closely with Musk for over 20 years, including at DOGE, simply refused to leave. He stepped in to try and take the reins, but this didn’t sit well with many of the remaining DOGE staffers. But others remained loyal, essentially splitting the department in two.

When those uncomfortable with Davis’ leadership, given that he was no longer a government employee, tried to plan for DOGE’s future without him, Davis accused them of staging a coup. The White House quickly rooted out his loyalists, putting an end to Davis’ brief attempt to consolidate control in less than two weeks.

What followed was a series of restructurings, changes in leadership, and ultimately, the end of DOGE as a centralized organization. When Reuters reached out to the White House to ask about the status of DOGE earlier this month, it was told, “that doesn’t exist.”

Musk rode into Washington with big ambitions of slashing government spending by trillions of dollars. Instead, during his brief time in DC, government spending actually increased, and he left behind many burned bridges.

Google is sounding the alarm for Android users after uncovering a wave of fake VPN apps that sneak malware onto phones and tablets. These dangerous apps pose as privacy tools but hide info stealers, banking trojans and remote access malware designed to loot personal data.

More people are relying on VPNs to protect their privacy, secure home networks and shield personal information while using public Wi-Fi. Attackers know this demand is growing. They use it to lure users into downloading convincing VPN lookalikes that contain hidden malware.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

How fake VPN apps lure users

Cybercriminals create malicious VPN apps that impersonate trusted brands. They use sexually suggestive ads, geopolitical headlines or fake privacy claims to push people into quick downloads. Google says many of these campaigns run across app stores and shady websites.

DELETE THE FAKE VPN APP STEALING ANDROID USERS’ MONEY

Once installed, these apps inject malware that steals passwords, messages and financial details. Attackers can hijack accounts, drain bank balances or lock devices with ransomware. Some campaigns even use professional ad creatives and influencer-style promotions to appear legitimate.

Scammers now use AI tools to design ads, phishing pages and fake brands with alarming speed. This gives them the power to reach large groups of victims with very little effort.

Why malicious VPN apps are spreading

Fake VPN apps remain one of the most effective tools for attackers. These apps request sensitive permissions and often run silently in the background. Once active, they can collect browsing data, cryptocurrency wallet details or private messages.

According to Google, the most dangerous apps pretend to be known enterprise VPNs or premium privacy tools. Many promote themselves through adult ads, push notifications and cloned social media accounts.

How to recognize a genuine VPN app

Google recommends installing VPN services only from trusted sources. In Google Play, legitimate VPNs include a verified VPN badge to show that the app passed an authenticity check.

A real VPN will never ask for access to your contacts, photos or private messages. It will not ask you to sideload updates or follow outside links for installation.

Be careful with free VPN claims. Many free privacy tools rely on excessive data collection or hide malware inside downloadable files.

Ways to stay safe from fake VPN apps

Staying ahead of these fake VPN scams starts with a few smart habits that make your device much harder for attackers to target.

1) Download only from official app stores

Stick to the Google Play Store. Avoid links from ads, pop-ups or messages that try to rush you. Many fake VPN campaigns depend on off-platform downloads because they cannot pass the Play Store security checks.

2) Look for the VPN badge in Google Play

Google now includes a special VPN badge that verifies an app has passed an authenticity review. This badge confirms that the developer followed strict guidelines and that the app went through additional screening.

If you want a reliable VPN that has already been vetted for security and performance, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

3) Use a data removal service

Malicious VPN apps often target information already floating around the web, including your email, phone number and personal details exposed through data brokers. A trusted data removal service can help pull your information from people-search sites and broker databases, which reduces the amount of data scammers can use against you. This limits the damage if a fake VPN app steals your info or if attackers try to match stolen data with public records to build convincing scams.

CAN YOU BE TRACKED WHEN USING A VPN?

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Turn on Google Play Protect and use a strong antivirus software

Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all emerging malware from Android devices. 

Settings may vary depending on your Android phone’s manufacturer 

How to turn it on: Open Google Play Store → Tap your profile icon → Select Play Protect → Tap Settings → Turn on Scan apps with Play Protect → Turn on Improve harmful app detection.

While Google Play Protect offers a helpful first layer of defense, it is not a full antivirus. A strong antivirus software adds another layer of protection. It can block malicious downloads, detect hidden malware and warn you when an app acts in unusual ways. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

5) Review app permissions carefully

A genuine VPN only needs network-related permissions. If a VPN asks for access to photos, contacts or messages, treat it as a major warning sign. Restrict permissions when possible.

6) Avoid sideloading apps from unknown sources

Sideloaded apps bypass Google’s security filters. Attackers often hide malware inside APK files or update prompts that promise extra features. If you’re unfamiliar with the term, sideloading means installing apps outside the Google Play Store, usually by downloading a file from a website, email or message. These apps never go through Google’s safety checks, which makes them far riskier to install.

7) Watch for aggressive ads and scare tactics

Fake VPN ads often claim your device is already infected or that your connection is not secure. Real privacy apps do not use panic-based marketing.

8) Research the developer before downloading

Look up the developer’s website and reviews. A legitimate VPN provider will have a clear privacy policy, customer support and a consistent history of app updates.

9) Be skeptical of anything labeled free

Free VPNs often rely on risky data practices or hide malware. If a service promises premium features at no cost, question how it pays its bills.

DO YOU NEED A VPN AT HOME? HERE ARE 10 REASONS YOU DO

10) Avoid recovery scams after an attack

If someone contacts you claiming they can recover stolen money, cut contact. Real agencies never demand upfront fees and never request remote access to your device.

11) Keep your device updated

Install security patches as soon as they appear. Updates protect your phone from malware strains that rely on old software vulnerabilities.

Kurt’s key takeaways

Fake VPN apps are becoming a major threat to Android users as scammers exploit the rising demand for privacy tools and home network security. Attackers hide behind familiar logos, aggressive ads and AI-powered campaigns to push apps that steal data the moment you install them. Staying safe requires careful downloading habits, attention to permissions and a healthy amount of skepticism toward anything that claims instant privacy or premium features for free.

Do you think Google should do more to block fake VPN apps in the Play Store? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com.  All rights reserved.