Someone has figured out how to manipulate the food delivery app, Deliveroo, to charge users for all sorts of food items, even if it’s not delivered to them. Several users have reported having bills of £100 or more for food that was delivered to a number of different locations, but certainly not their homes.
Deliveroo was launched in 2013 as a way to quickly and more easily acquire takeaways, delivering to nearby locations and taking online payments for the various supporting outlets in the local area. Available now in various towns around the UK, it’s rather popular, but appears to have hit a snag when it comes to security – or at least its users do.
Deliveroo claims that this problem is down to password reuse, claiming that nothing has been hacked or breached, but that customers who’s passwords have been stolen in breaches of other services, could be affected if they used the same one for their Deliveroo account.
Source: Mosier J/Flickr
“Customer security is crucial to us and instances of fraud on our system are rare, but where customers have encountered a problem, we take it very seriously,” the service said in a statement. It went on to urge customers to use strong, unique passwords for their delivery accounts.
Initially discovered by the BBC’s Watchdog program, this breach cost some users as much as £200 on food they didn’t even get a sniff of.
Discuss on our Facebook page, HERE.
KitGuru Says: This is why using strong, unique passwords is important. If your information is stolen in one breach, it can be used to create another.