Deliveroo, Dominos and Papa Johns are among food delivery companies most often targeted by cybercriminals.

This is according to global cybersecurity company DynaRisk, which investigated the types of sites targeted by cybercriminals. The company obtained over 1,000 configuration files for  popular hacking tools “from the dark web and hacker communities” and discovered that online food delivery services are frequently targeted.

The researchers found that cyber criminals are sharing ‘cheat sheets’ for hacking tools used to break through site defences, with the food delivery sector among the most popular targets. Using stolen email address and password combinations, hackers are able to gain access to users’ accounts, and often stored card information.

The top five most frequently targeted brands were Domino’s, Deliveroo, Nandos, Papa Johns and Morrisons. Tescos, Pizza Hut and Subway were also in the top ten.

DynaRisk also found that of all the European companies targeted, .co.uk domains have the highest number of hits, suggesting UK companies are more at risk.

Earlier this year, it was widely reported that Deliveroo accounts were being targeted by hackers, with customers billed for orders they did not make, after account details were put up for sale on the dark web.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Food delivery companies hacked: Are careless cybersecurity practices to blame?

Andrew Martin, CEO and Founder of DynaRisk explains that the convenience of food delivery services can lead customers to adopt careless cybersecurity practices:

“Unfortunately, consumers often use the same log-in credentials across a number of different platforms – and seldom consider the security of their personal data when benefitting from the convenience of platforms such as Deliveroo. It takes only one cybercriminal to hack a site’s defences and share this knowledge with the community, leaving accounts vulnerable to credential stuffing and fraud.

He believes that for platforms where card details are stored, good cybersecurity practices are of high importance:

“When hacks of this nature happen and scams occur, it can be difficult to reclaim any money stolen since it becomes difficult to prove the transaction was made fraudulently. This makes the security of credentials on these platforms crucial to safeguard.

“If a consumer has a credit card hooked up to services such as these, they should regularly update log-in details and passwords; making each new password random and unique. There is also the ability to enable two-step verification on purchases with some sites; this will alert a consumer to a log-in attempt and provide the ability to block the activity remotely before it’s too late.”


Read more: Fraudsters are still targeting Deliveroo customers — is the company doing enough?