If customers can't trust the photo in the app, they can't really know who's showing up.
When a stranger tried to force his way into a California man's home during a food delivery, it exposed a quiet but consequential gap in the systems meant to keep people safe: the identity displayed in a delivery app and the person standing at your door are not always the same. Across California, app accounts are being bought and sold on open social media markets, allowing unvetted individuals to bypass the background checks that platforms and a 2024 state law were designed to enforce. The law, passed unanimously with the best of intentions, rests on an assumption — that the screened driver is the one making the delivery — that turns out to be easily broken. Lawmakers are now confronting the distance between the protection a law promises and the protection it can actually deliver.
- A man tried to push his way into a customer's home during a food delivery, and the face at the door matched no one the app had ever vetted.
- CBS News found that one in four test deliveries was made by someone who didn't match the account photo — accounts openly sold on Facebook Marketplace, some advertising that no driver's license was needed.
- A 2024 California law requiring apps to display driver names and photos was meant to be a safeguard, but it cannot protect anyone if the identity in the app belongs to a different person entirely.
- DoorDash, Uber, and Lyft all say they remove fraudulent accounts when caught, and Meta says it pulled flagged listings — but the accounts were advertised openly, suggesting enforcement follows harm rather than preventing it.
- The law's author is now drafting stronger penalties and seeking law enforcement involvement, racing to close a loophole that leaves every customer uncertain about who is actually at their door.
Charles Bledsoe opened his door expecting the woman shown in his DoorDash app. A man he had never seen pushed toward him instead, and Bledsoe later said he feared for his life. That moment became the seed of a CBS News California investigation that revealed something both simple and alarming: delivery app accounts are being rented and sold on social media, allowing people who have never passed a background check to show up at strangers' doors carrying someone else's verified identity.
Reporters tested the system with a series of orders and found that in one out of four deliveries, the person who arrived did not match the photo in the app. The accounts were advertised openly on Facebook Marketplace and Instagram, sometimes with the explicit promise that no driver's license was required. The loophole was not hidden — it was a marketplace.
Two years ago, California Assemblywoman Laurie Davies had authored a law requiring delivery apps to show a driver's name and photo when an order was en route. The bill passed unanimously, a rare bipartisan achievement. But the investigation made clear that displaying a photo only protects customers if the person in the photo is actually the one making the delivery. When CBS News presented the findings to Davies at the State Capitol, she acknowledged the gap directly and said she was already working on solutions — stiffer penalties for account sharing and law enforcement involvement to find tools with real teeth. "We've got to close that loophole," she said.
The problem reached beyond DoorDash. Uber and Lyft accounts were also found for rent on the same platforms. All three companies said they remove accounts caught in fraud; Meta said it pulled the flagged listings. But the accounts had been advertised in the open, and the enforcement was clearly reactive.
Bledsoe framed the stakes plainly: "What would happen if it had been a young lady by herself?" As lawmakers begin drafting stronger measures, the answer remains uncomfortable — the photo in the app would have told her nothing, and the law meant to protect her would have offered only the appearance of safety.
Charles Bledsoe opened his door expecting a woman to hand him his DoorDash order. A man appeared instead—someone he'd never seen before—and tried to push his way inside. "I feared for my life," Bledsoe said later, describing the moment that would set off a chain of questions about who really shows up when you order food in California.
That incident became the starting point for a CBS News California investigation that uncovered a straightforward but alarming loophole: delivery drivers were renting and selling app accounts on social media to bypass the background checks that platforms require. Reporters Kristine Lazar and Amy Corral tested the system by placing a series of orders. In one out of every four deliveries, the person who arrived did not match the photo displayed in the app. The accounts themselves were being openly advertised on Facebook Marketplace and Instagram, sometimes explicitly noting that no driver's license was required. The implication was clear: someone could gain access to a delivery platform without ever being vetted, simply by borrowing or buying someone else's identity.
Two years earlier, California had passed a law designed to prevent exactly this kind of problem. Assemblywoman Laurie Davies had authored legislation requiring food delivery apps to display a driver's first name and photo when an order was out for delivery. The idea was simple and sensible: if customers could see who was coming to their door, they could protect themselves, and law enforcement would have a way to identify drivers if something went wrong. The bill passed unanimously, a remarkable achievement for a Republican-authored measure in California's Democratic-controlled legislature. But the investigation revealed that the law's protections were hollow if the person holding the account wasn't actually the person in the photo.
When CBS News brought the findings to Davies at the State Capitol, she acknowledged the gap. "It's a great question," she said when asked whether the law still protected people if there was no way to verify that the background-checked person was actually making the delivery. Davies indicated she was already exploring solutions: stronger safeguards, tougher penalties for people who rented, sold, or shared accounts, and involvement from law enforcement to determine what legal tools might work. "We've got to close that loophole," she said.
The problem extended beyond DoorDash. CBS News also found Uber and Lyft accounts being rented on social media platforms. When the networks reached out to the companies, all three said they removed account holders caught engaging in fraud. Meta, which owns Facebook and Instagram, said it had reviewed the accounts identified during the investigation and removed those violating its fraud policies. But the fact that such accounts were advertised openly, and apparently easily accessible, suggested the enforcement was reactive rather than preventive.
For Bledsoe, the response couldn't come fast enough. He posed a question that captured the stakes: "What would happen if it had been a young lady by herself?" The answer was that she would have had no way to know, in the moment, that the person at her door had never been properly screened. The photo in the app would have been useless. The law that was supposed to protect her would have failed. As lawmakers began drafting stronger measures, the gap between what customers thought they were getting and what was actually happening remained open.
Notable Quotes
I feared for my life— Charles Bledsoe, describing a delivery driver who attempted to force his way inside
We've got to close that loophole— Assemblywoman Laurie Davies, on the account-sharing vulnerability
The Hearth Conversation Another angle on the story
Why does this loophole exist in the first place? Didn't the platforms build in any verification?
They did—but they only verify the person who creates the account. Once that account exists, nothing stops someone else from using it. The platforms rely on the account holder to keep their login private, which is a weak assumption when people are actively selling access on Facebook.
So the law that required photos—it was supposed to solve this?
It was supposed to help. If you can see a photo of your driver, you can at least decide whether to open the door. But that only works if the person in the photo is actually the one coming to deliver. When one in four drivers don't match, the photo becomes a false sense of security.
What's stopping someone from just using a fake account right now?
Nothing, really. You can buy or rent an account that's already been background-checked. No license required. You're essentially borrowing someone else's vetting.
And the companies say they remove people caught doing this. So why is it still happening?
Because they're catching people after the fact, not before. By the time an account is flagged and removed, dozens of deliveries may have already happened. The enforcement is too slow.
What would actually stop it?
You'd need real-time verification—maybe a photo match at the time of delivery, or a requirement to re-verify periodically. But that costs money and slows down the system. Right now, speed is more important to the platforms than certainty.
Is there any chance this gets fixed?
The assemblywoman is pushing for it, and the incident with Bledsoe shows why it matters. But it requires coordination between platforms, lawmakers, and law enforcement. That's slow. Meanwhile, the loophole stays open.