Deliveroo has saved me during many a dark, hangry moment, and it’s also a massive enabler of my laziness. Today, however, what Deliveroo is delivering is bad news, straight to the doors of some of its customers. It’s been hit by an attack and it’s a lesson in good password practice for us all.
Deliveroo is famous for hooking up restaurants with a team of ninja delivery-peeps, and is about to become a TV star in its own right with an appearance on the BBC’s Watchdog programme tonight.
Watchdog has found that the accounts of some Deliveroo customers have been used to order a heck-tonne of food. One customer, for example, realised that someone had bought £200-worth of burgers (which I would totally do) on their account, and then sent them out to different addresses (which is less plausible).
Deliveroo reckons that the attack was launched using passwords that were nicked during data breaches at other companies, which highlights the importance of not reusing passwords across different accounts.
Deliveroo-er Judith MacFayden told Watchdog: “I noticed that I had a ‘thank you’ email from Deliveroo for a burger joint in Chiswick. I thought that was really odd so I went on to my account and had a look and there had been four orders that afternoon to a couple of addresses in London.”
It sounds like it wasn’t a mega breach, at this stage at least, and that the affected users have had their money refunded. Good security can seem like a faff – who actually has the time to remember the 5.14 million passwords we all use daily, or can be bothered to use two-factor authentication – but it’s often in place for a reason.
Technology expert David McClelland reckons Deliveroo has sacrificed too much security for the sake of user experience. He says: “When we buy things online, the more hoops we have to jump through to complete that purchase, the more likely we are to go away and do something else instead.
“Deliveroo realises that – so tries to remove as many of the hoops as possible. However, some of the hoops that Deliveroo are removing are there specifically for security purposes. So while it may be making it easier for us to place orders, it is also making it easier for us to be defrauded.”
So, stay safe and be vigilant, and if you’re having trouble remembering all of the passwords think about using a password manager, so that what you’re getting served isn’t a data breach (or £200-worth of burgers).
The episode of Watchdog is being shown on BBC One tonight at 8pm if you want to find out more – it’ll be a rush to get there after Inspire MCR but I believe in you.