Hackers target food delivery app Deliveroo

Cyber criminals have hacked popular food delivery app Deliveroo.

The hackers have been breaking into customers’ accounts and ordering fast food without their permission.

Accounts holders affected have been desperately trying to cancel the orders before the food is handed over to the hackers. 

Customers details were obtained by phishing emails and other hacks.

The food items illegally ordered range from just a few bottles of cider and cigarettes to larger orders – some up to £450 each.

The Daily Mail reported that one victim, Daisy Grace, tweeted: “To the person in Dalston who just hacked into my deliveroo account: did you have no dreams bigger than cider and cigs from the Nisa Local?”

Deliveroo customers have reported delays of up to five days after they report fraudulent activity on their accounts before the company get back to them.

Dark Web

Apparently, the hackers buy people’s login details from the dark web for less than £5 a time. 

Hackers are said to be getting the details by sending phishing emails to users which are designed to look like they are officially from Deliveroo.

Others buy passwords on the dark web which are harvested from data breaches of other companies and try them on Deliveroo accounts.

Forbes reported London-based PR Manager Tessa Bryant who was the victim of one of the committed hackers.

The cyber criminals tried to buy £150-worth of Greggs using her account.

She tweeted: ‘My @Deliveroo account was just hacked, and someone tried to order £150 worth of cakes & ice cream to a @greggs in north London. Thanks for the push notification about the driver delay guys – managed to cancel it just in time!’

She said that considering it was 10am on a weekday, she would have thought bacon sandwiches would have been more appropriate.

Another customer, Steven Marsden, claimed a hacker had logged into his account, complained about a previous order and managed to blag a £37 platter of kebabs and chips on the house. 

Deliveroo customers have reported delays of up to five days after they report fraudulent activity on their accounts before the company get back to them.

Account details

Deliveroo said they had introduced new measures to combat fraud, including extra security checks when the app detects changes to account details.

However, they did say their systems had not been breached and the passwords used by fraudsters must have been obtained elsewhere. 

A Deliveroo spokesman said: ‘Deliveroo takes online security extremely seriously and has robust measures both to protect our systems and members of the public who have had their passwords compromised outside of Deliveroo. 

‘Sadly, cyber criminals rely on the fact that people reuse the same passwords on multiple online services and use data breaches on other sites to try gain access to Deliveroo accounts. There has been no breach of Deliveroo’s internal systems.

‘We continuously roll out measures to combat fraudsters and have introduced further security this year to help protect customers from fraudulent charges when their accounts have been accessed.

Scroll to Top