Deliver-who? Hackers sell access to Deliveroo customers' accounts for as little as £3

Daily Mail Online 1 week ago

Hackers are selling access to Deliveroo customers’ accounts for as little as £3 – and the stolen details are then being used to order food from local shops and restaurants before the delivery firm’s customers become aware of the crime.

A Mail on Sunday investigation found hackers are advertising a menu of options on the Dark Web, including a one-off fee and pre-paid ‘credit’ for significant discounts.

One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password.

Hackers flood Deliveroo and other sites to test for vulnerable accounts, mainly those where customers have used the same passwords. Once in, they change telephone numbers and addresses to divert deliveries and then switch details back before quitting the account [File photo]
Hackers flood Deliveroo and other sites to test for vulnerable accounts, mainly those where customers have used the same passwords. Once in, they change telephone numbers and addresses to divert deliveries and then switch details back before quitting the account [File photo]

The company was alerted to the problem earlier this year. But last week, daily complaints on social media included more than £200 ordered from East London takeaways from one account and another fraudulent order for £100 worth of cigarettes from the local Co-op.

Fraudsters often order small amounts, even single meals, at a time. One customer said her account had been used to order ‘posh chocolate’.

Jason Hill, lead cyber security researcher at CyberInt, said email addresses, passwords and bank details are stolen through data breaches at other companies and traded on the Dark Web, part of the internet not visible to search engines. 

Hackers then flood Deliveroo and other sites to test for vulnerable accounts, mainly those where customers have used the same passwords.

Once in, they change telephone numbers and addresses to divert deliveries and then switch details back before quitting the account.

But criminals leave behind evidence and victims have found their details on digital receipts. 

After ‘brief investigations’ last week, Hill was able to find evidence that access to Deliveroo and other delivery firm accounts had been traded on the Dark Web. 

One, claiming to be a student and which appeared to be inactive, offered ‘all the food you want’ from Deliveroo for £5.99. 

Another advertised Deliveroo ‘credit balances’ between £10 and £99 for 30 per cent of their value.

Deliveroo said last night: ‘We regularly introduce measures to combat fraudsters and to protect customer accounts. Unfortunately, cyber criminals rely on people reusing the same passwords on multiple online services and use data breaches elsewhere to try to gain access to other accounts online.’

One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password. The company was alerted to the problem earlier this year [File photo]
One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password. The company was alerted to the problem earlier this year [File photo]

Source link
Read also:
The Sun › Finance › 2 weeks ago
JUST Eat, Deliveroo and Uber Eats are delivering food to customers from hundreds of restaurants with poor food hygiene standards, it has been reported. The food delivery companies claim the restaurants they provide have hygiene ratings of at least two...
Business Insider › Technology › 1 week ago
Most cyber-attacks target people who haven't taken basic precautions to secure their accounts, making them "low-hanging fruit" to potential hackers. Changing passwords frequently, limiting the information you share online, and being clever with your...
Business Insider › Finance › 1 month ago
Financial planners and savers alike are obsessed with high-yield savings accounts. High-yield savings accounts offer 2% interest or more (although rates are subject to change), while savings accounts at traditional banks can offer as little as 0.01%...
Reuters › Finance › 3 days ago
Britain's competition regulator said on Wednesday it had launched a formal investigation into Amazon.com Inc's investment in food delivery company Deliveroo, setting a December 11 deadline for a decision https://reut.rs/2ONs4b0 on the first phase of...
The Sun › Finance › 1 week ago
WAGAMAMA has launched a new spicy version of its famous katsu curry – but you can only order it via Deliveroo. The high street pan Asian restaurant has also launched a new menu inspired by Japanese street food. The katsu curry – which comes in...
One America News Network › Technology › 4 days ago
(Reuters) - Britain's competition regulator said on Wednesday it has launched an investigation into Amazon.com Inc's investment in online food delivery firm Deliveroo.
Business Insider › Finance › 4 days ago
Amazon's major investment in British food delivery startup Deliveroo has hit another snag after the UK's competition watchdog decided to launch a formal investigation into the deal. The Competition and Markets Authority has been weighing whether to...
Telegraph › Technology › 4 days ago
The UK's competition watchdog has launched a probe into Amazon's investment in Deliveroo, prompting concerns over the British company's dwindling cash pile.
The Wall Street Journal › Finance › 3 days ago
Britain’s antitrust watchdog has launched a formal probe into Amazon.com’s investment into Deliveroo, a British food-delivery startup.
Business Insider › Technology › 1 month ago
Facebook announced Monday that it has taken down hundreds of fake accounts, groups, and pages originating from Ukraine and Iraq. In total, Facebook removed 244 accounts, 269 pages, 80 groups, and seven Instagram accounts, which were connected to these...
Sign In

Sign in to follow sources and tags you love, and get personalized stories.

Continue with Google
OR