A food delivery app was hacked and customers were billed for food & drinks
According to information security specialists, several users of Deliveroo, a food delivery app, suffered the hacking of their accounts, as the app charged their accounts with hundreds of food and drinks bills that they never actually ordered.
One London resident who was affected by the
incident claims that an unknown user made purchases at multiple food
businesses, so the affected user received a bill of more than $150 USD.
Apparently most of the affected users are
residents of London; although this is not the first time this company
encounters a similar incident, it is clear that both Deliveroo and its users
remain a very easy target for threat actors, information security experts
However, the company claims that this incident
is not due to a cyberattack,
data breach or the like, but that attackers have been using login credentials stolen
in other security incidents to try to access Deliveroo accounts, in what is
known as credential
According to information security specialists,
credential stuffing is a really common and little complex hacking variant, as
people often use the same password for more than one online platform or
service, so threat actors only they have to try to enter the stolen passwords
into the right accounts of potential victims using automated tools.
In addition, there are multiple phishing pages
similar to the official Deliveroo platform used by hackers to trick users and
extract their login credentials. As if that weren’t enough, malicious users can
also purchase user data sets of these services on hacking forums for around $60
Through a statement, the company affirmed that
“as an e-commerce company, data security is a really serious matter for
Deliveroo. Highly stringent measures are being taken to prevent further damage
from this incident”. According to specialists from the International
Institute of Cyber Security (IICS), the company could easily identify
fraudulent orders using some machine learning tools.