DoorDash Hack: Inside the Cunning Scheme of a Driver Who Stole $2.5 Million

In a shocking expose, a DoorDash driver was revealed to have orchestrated a massive heist, swindling over $2.5 million from the food delivery platform over several months.

Meet Sayee Chaitainya Reddy Devagiri, the DoorDash driver who thought he could get away with it all. Using his knowledge of the app and its inner workings, Devagiri hatched a plan to fleece the system that had been designed to benefit both drivers and consumers alike.

Devagiri's scheme began when he created a fictional customer account using his own email address, complete with convincing details such as a fake name and address. He then placed expensive orders from this account, reaping the benefits of DoorDash's lucrative delivery fees.

But that was just the beginning. Devagiri used stolen employee credentials to access DoorDash's system, manipulating the app's logic to his advantage. By manually assigning these orders to driver accounts he had set up, including his own, Devagiri could reap even more rewards from the scheme.

The game of cat and mouse between Devagiri and DoorDash continued as he would mark undelivered orders as complete and prompt the system to pay his driver account. But in a clever twist, Devagiri would then switch these same orders back to "in process," effectively setting himself up for another round.

"It took less than five minutes, and was repeated hundreds of times for many of the orders," revealed the US Attorney's Office in their report on the incident. This brazen scheme highlights an interesting flaw in DoorDash's software design that may have allowed Devagiri to escape detection - had he kept the amounts smaller.

However, as the sum of money missing from DoorDash's system grew, so did the attention to this unusual case. Investigations were launched, and eventually, Devagiri's scheme was uncovered, revealing the full extent of his deception.

The US Attorney's Office highlighted that it is only when the amounts stolen become too large to ignore that investigations are triggered. This cautionary tale serves as a reminder of the importance of robust security measures in place to prevent similar incidents in the future.