Deliver-who? Hackers sell access to Deliveroo customers’ accounts for as little as £3

Deliver-who? Hackers sell access to Deliveroo customers’ accounts for as little as £3 with stolen details used to order food shops and restaurants

  • Deliveroo customers have their account details sold by hackers who order food 
  • One Deliveroo customer even said he was hacked five times in a single night
  • Fraudsters are ordering whole meals and even posh chocolate using accounts 
  • Another fraudulent order was for £100 worth of cigarettes from the local Co-op

Hackers are selling access to Deliveroo customers’ accounts for as little as £3 – and the stolen details are then being used to order food from local shops and restaurants before the delivery firm’s customers become aware of the crime.

A Mail on Sunday investigation found hackers are advertising a menu of options on the Dark Web, including a one-off fee and pre-paid ‘credit’ for significant discounts.

One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password.

Hackers flood Deliveroo and other sites to test for vulnerable accounts, mainly those where customers have used the same passwords. Once in, they change telephone numbers and addresses to divert deliveries and then switch details back before quitting the account [File photo]

The company was alerted to the problem earlier this year. But last week, daily complaints on social media included more than £200 ordered from East London takeaways from one account and another fraudulent order for £100 worth of cigarettes from the local Co-op.

Fraudsters often order small amounts, even single meals, at a time. One customer said her account had been used to order ‘posh chocolate’.

Jason Hill, lead cyber security researcher at CyberInt, said email addresses, passwords and bank details are stolen through data breaches at other companies and traded on the Dark Web, part of the internet not visible to search engines. 

Fast food deliveries fuel obesity

Half a million families with school-age children indulge in calorie-laden, home delivered fast food at least once a week.

Those with children in primary school are the most likely to do so – with almost one in ten families getting takeaways via such apps such as Just Eat, Deliveroo and UberEats at least weekly.

Parents of secondary school children are not far behind, at seven per cent. Both groups are above the average for the adult population of six per cent.

Overall, the numbers using delivery services at least once a week has jumped from 2.3 million in 2015 to 3 million in 2019. 

Professor Naveed Sattar, of Glasgow University, said the growth of fast-food delivery was ‘highly likely to be fuelling obesity’.

The figures come days after England’s outgoing Chief Medical Officer, Professor Dame Sally Davies, called for a ban on eating on public transport to reduce childhood obesity.

Those with children in primary school are the most likely to do so ¿ with almost one in ten families getting takeaways via such apps such as Just Eat, Deliveroo and UberEats at least weekly [File photo]

Those with children in primary school are the most likely to do so – with almost one in ten families getting takeaways via such apps such as Just Eat, Deliveroo and UberEats at least weekly [File photo]

Hackers then flood Deliveroo and other sites to test for vulnerable accounts, mainly those where customers have used the same passwords.

Once in, they change telephone numbers and addresses to divert deliveries and then switch details back before quitting the account.

But criminals leave behind evidence and victims have found their details on digital receipts. 

After ‘brief investigations’ last week, Hill was able to find evidence that access to Deliveroo and other delivery firm accounts had been traded on the Dark Web. 

One, claiming to be a student and which appeared to be inactive, offered ‘all the food you want’ from Deliveroo for £5.99. 

Another advertised Deliveroo ‘credit balances’ between £10 and £99 for 30 per cent of their value.

Deliveroo said last night: ‘We regularly introduce measures to combat fraudsters and to protect customer accounts. Unfortunately, cyber criminals rely on people reusing the same passwords on multiple online services and use data breaches elsewhere to try to gain access to other accounts online.’

One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password. The company was alerted to the problem earlier this year [File photo]

One customer told us he was hacked five times in one evening this month and another has been hacked twice this year despite changing her password. The company was alerted to the problem earlier this year [File photo]

Read more at DailyMail.co.uk