Protect Your Deliveroo Password or It Will Be Stolen, Sold, and Used Without Your Permission

Ordering food is supposed to be a fun experience, but if you are not careful enough while using food delivery applications, you might end up paying for someone else’s meals. Recent attacks on the Deliveroo users started rumors that the food delivery app was hacked. However, the company claims that none of its systems were attacked and there were no data leaks. Therefore, it is possible that the hackers succeeded because of their victims’ poor password habits. If you keep reading our report, you can learn more about how hackers take control over Deliveroo accounts and what happens if they succeed. Of course, we also present tips on how to protect one’s account from such attacks, which is why we highly recommend reading our full article to all of you who use the Deliveroo food delivery app.

How do hackers access Deliveroo accounts?

As we explained earlier, rumors were saying that the food delivery app was hacked and that cybercriminals were able to steal passwords and login names of some users from the Deliveroo systems. Nonetheless, the company has denied such rumors and claims there were no data breaches or other attacks on their systems that could have cost leakage of users’ login credentials. According to the Deliveroo spokesman’s statement, the company takes data protection seriously and uses appropriate measures, such as encryption and password hashing, to protect their users’ data. The statement says that the affected accounts were misused not because the food delivery app got hacked, but because victims were using compromised passwords.

Compromised passwords are stolen passwords obtained during data breaches or similar attacks. Cybercriminals no longer need to breach systems to get access to accounts of particular websites or applications. It is well-known that many users still recycle passwords (use same passcodes for multiple accounts) despite cybersecurity experts’ warnings. Thus, hackers can access wanted accounts by trying the credentials they already have from breaching other websites/applications. Also, credentials obtained during data breaches are often sold on the dark web where they can be obtained by anyone willing to pay. After getting credentials from a particular website/application, hackers can try them somewhere else. In such a case, if the breached website’s/application’s victims use the same login credentials anywhere else, hackers might be able to access their other accounts.

Using one base passcode and slightly modifying it for each account is a bad idea too. Hackers have tools that can come up with possible combinations and access account by trying them all till they succeed. Therefore, we highly recommend not to recycle passwords. If you genuinely want your accounts to be secure, you should have a unique password for each of them. This way, you would not have to worry that one breached/stolen password could expose all of your other accounts.

What happens when hackers take control over your Deliveroo account?

As you can imagine, cybercriminals need to eat just like everyone else. The attack on McDonald's app users shows that they also like to get their food free of charge if they can. Most of Deliveroo users whose accounts were accessed by hackers claim the attackers have ordered food at their expense. It would seem that the cybercriminals change user’s delivery address so they would get the ordered food. Of course, they should also replace a victim’s password and if possible, email to take full control over the account. As a result, you might be unable to do anything yourself even if you receive notifications about changed personal details via email. In such a case, it is advisable to contact not only Deliveroo but also your credit card provider as fast as possible to stop hackers from placing more orders and paying with your credit card.

How to protect your Deliveroo account?

You do not have to stop using the food delivery app if you take safety precautions that we list below.

Change your password with a stronger combination

The first thing we recommend doing is changing your Deliveroo app’s passcode even if you do not think you are using a breached/stolen password. Some data breaches are reported only years later, and some of them might not be reported at all, which means you might not know you are using stolen passwords. As we said earlier, using the same combination for all of your accounts is extremely risky, and you should use unique passcodes instead. Keep in mind that your pet’s name or your favorite movie titles are not a good material for a unique password. It is best to use random characters or, at least, words that have no meaning to you. Also, it is currently advisable to use passwords from at least twelve characters as well as include both lower-case and upper-case letters, symbols, and numbers.

No doubt, it might be difficult not only to come up with secure passwords but also to memorize them. Nonetheless, there is a solution as, nowadays, we have password managers, applications that can generate strong passwords and remember them for you. Thus, if you do want to change possibly stolen passwords, but do not feel up to such a task, you could employ a dedicated tool such as Cyclonis Password Manager. The application can generate unique passwords from up to 32 characters, and automatically log you into your accounts so you would not need to memorize all of your passwords.

Cyclonis works on Windows, Mac, iOS, and Android devices, Therefore, if you choose to set up your encrypted vault on preferred cloud storage, you could sync your passwords between your computers, mobile phones, and tablets. To learn more about the benefits of using Cyclonis, you can continue reading here.

Check for emails from Deliveroo

Until Deliveroo can come up with a solution that would prevent hackers from misusing stolen passwords to gain control over their users’ accounts, it is necessary to check your email frequently. Especially for messages from Deliveroo. If you get a message about your delivery address or app’s password being changed, you should contact the food delivery app’s support at once. This way, you might be able to prevent hackers from misusing your account in time. Also, it is advisable to check your banking account frequently too. If hackers manage to change your email address, you might no longer receive emails from Deliveroo. Nevertheless, in such a case, you could notice money transactions that you did not authenticate.

Remove payment information from your account

If you fear that the safety precautions mentioned above might not be enough, you could remove your payment information from the food delivery app. This way, even if hackers have a stolen password that allows accessing your Deliveroo account, they would be unable to order any food at your expense. It may not be a perfect solution, but it could help you save your money in case someone gains access to your food delivery account.

Overall, even though it is unlikely that the food delivery app was hacked, and its representatives claim that breached/stolen passwords could be to blame, it does not mean the company should not present features that would increase their users' accounts’ security. However, in the meantime, each user must do what he can to ensure that cybercriminals cannot break into his account, starting with ditching poor password habits. After all, if you use the same password or weak combinations everywhere, hacked Deliveroo account could be only the beginning.

September 16, 2019

Leave a Reply