Deliveroo, Tesco among most hacked food delivery brands - survey
Global cybersecurity firm DynaRisk has discovered a hunger for hacking food delivery companies in the UK, with platforms including Deliveroo, Domino’s, Papa Johns and Nando’s among those often targeted.
The research has found that cyber criminals are sharing ‘cheat sheets’ for hacking tools used to break through site defences at scale, with sectors such as food delivery among the most popular targets.
Account takeover risk
Users of the services listed are vulnerable to account takeover, with UK users particularly at risk of having their accounts hijacked by cybercriminals.
The research reveals that a cache of files containing configuration scripts is being used in conjunction with hacker tools to hijack people’s accounts.
DynaRisk said the research found that millions of accounts could be vulnerable; hackers simply need to obtain stolen email address and password combinations, combine them with these cheat sheets and feed them into hacking tools.
If they discover a match, they’ll be able to break into the food delivery service as the victim.
The new data comes from a study conducted by DynaRisk, investigating the types of sites targeted by cyber criminals and the methods they typically use to break down a site’s defences.
DynaRisk obtained over 1000 configuration files for a popular hacking tool and discovered that online food delivery services are routinely targeted.
“Unfortunately, consumers often use the same log-in credentials across a number of different platforms - and seldom consider the security of their personal data when benefitting from the convenience of platforms such as Deliveroo”, said Andrew Martin, CEO and Founder of DynaRisk.
“It takes only one cybercriminal to hack a site’s defences and share this knowledge with the community, leaving accounts vulnerable to credential stuffing and fraud.”
“When hacks of this nature happen and scams occur, it can be difficult to reclaim any money stolen since it becomes difficult to prove the transaction was made fraudulently.
“This makes the security of credentials on these platforms crucial to safeguard. If a consumer has a credit card hooked up to services such as these, they should regularly update log-in details and passwords; making each new password random and unique.
“There is also the ability to enable two-step verification on purchases with some sites; this will alert a consumer to a log-in attempt and provide the ability to block the activity remotely before it’s too late.”
“Sadly, the truth is that companies can never do enough to protect customer data; however, constant investment and training needs to be put in place to ensure customer information is safe.
“Businesses need to be able to anticipate and prevent new threats and need knowledge of how easy it is for hackers to access unsecure data.
“As we’ve identified, all companies - big and small - now need to have cybersecurity at the top of the agenda. This is especially crucial for tech companies that possess and store large amounts of data.”
“Consumers can check if their information has been compromised using data breach scanning services.
“These services can identify whether personal information has been stolen, identify any potential vulnerabilities and provide a Cyber Security ‘Score’ from which to work on. The better the score, the more secure you are, and least at risk.”