October 7, 2019updated 08 Oct 2019 2:56pm

Deliveroo and Domino’s among most-hacked food delivery companies

By Ellen Daniel

Deliveroo, Dominos and Papa Johns are among food delivery companies most often targeted by cybercriminals.

This is according to global cybersecurity company DynaRisk, which investigated the types of sites targeted by cybercriminals. The company obtained over 1,000 configuration files for  popular hacking tools “from the dark web and hacker communities” and discovered that online food delivery services are frequently targeted.

The researchers found that cyber criminals are sharing ‘cheat sheets’ for hacking tools used to break through site defences, with the food delivery sector among the most popular targets. Using stolen email address and password combinations, hackers are able to gain access to users’ accounts, and often stored card information.

The top five most frequently targeted brands were Domino’s, Deliveroo, Nandos, Papa Johns and Morrisons. Tescos, Pizza Hut and Subway were also in the top ten.

DynaRisk also found that of all the European companies targeted, .co.uk domains have the highest number of hits, suggesting UK companies are more at risk.

Earlier this year, it was widely reported that Deliveroo accounts were being targeted by hackers, with customers billed for orders they did not make, after account details were put up for sale on the dark web.

Food delivery companies hacked: Are careless cybersecurity practices to blame?

Andrew Martin, CEO and Founder of DynaRisk explains that the convenience of food delivery services can lead customers to adopt careless cybersecurity practices:

“Unfortunately, consumers often use the same log-in credentials across a number of different platforms – and seldom consider the security of their personal data when benefitting from the convenience of platforms such as Deliveroo. It takes only one cybercriminal to hack a site’s defences and share this knowledge with the community, leaving accounts vulnerable to credential stuffing and fraud.

He believes that for platforms where card details are stored, good cybersecurity practices are of high importance:

“When hacks of this nature happen and scams occur, it can be difficult to reclaim any money stolen since it becomes difficult to prove the transaction was made fraudulently. This makes the security of credentials on these platforms crucial to safeguard.

“If a consumer has a credit card hooked up to services such as these, they should regularly update log-in details and passwords; making each new password random and unique. There is also the ability to enable two-step verification on purchases with some sites; this will alert a consumer to a log-in attempt and provide the ability to block the activity remotely before it’s too late.”


Read more: Fraudsters are still targeting Deliveroo customers — is the company doing enough?