Deliveroo Customer Accounts Hacked – Previously Compromised Passwords To Blame
Customers of takeaway food app Deliveroo have had their accounts hacked and run up bills for food that they did not order, according to an investigation by the BBC’s Watchdog programme.
One user said that £200 was spent on burgers delivered to several addresses.
The firm said the hacks were carried out using passwords stolen in previous data breaches on other companies.
This highlights the importance of using unique, strong passwords for each account. This way, if one account is compromised, your others should be safe. More information on creating strong passwords can be found here.
One expert warned that the firm must improve security.
Deliveroo denied that any financial information had been stolen.
“Customer security is crucial to us and instances of fraud on our system are rare, but where customers have encountered a problem, we take it very seriously,”
“We are aware of these cases raised by Watchdog – they involve stolen food, not credit card numbers. These issues occur when criminals use a password stolen from another service unrelated to our company in a major data breach.”
It urged customers to use “strong and unique passwords for every service they use”
But technology expert David McClelland told the BBC’s Watchdog that Deliveroo could do more.
“When we buy things online, the more hoops we have to jump through to complete that purchase, the more likely we are to go away and do something else instead.
“Deliveroo realises that – so tries to remove as many of the hoops as possible. However, some of the hoops that Deliveroo are removing are there specifically for security purposes. So while it may be making it easier for us to place orders, it is also making it easier for us to be defrauded.”
Complete the new 2016 Cyber Crime survey, so we can see the full scope of Cyber Crime in Warwickshire, and across West Mercia and the West Midlands – https://www.surveymonkey.co.uk/r/RegionalCyber16
For more information about our work, please visit www.safeinwarwickshire.com/cybercrime
Cyber Aware is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).
Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.