UK Deliveroo Customers Charged For Food They Didn't Order

Photo: Alexandra Gavillet
Deliveroo customers have reported having their accounts hacked and being charged for food they didn't order, so we should all probably check our own order histories, stat.

One user of the food delivery app told BBC Watchdog that someone had spent £200 on burgers on their account without their knowledge, with the orders sent to several addresses, the BBC reported.

"I noticed that I had a 'thank you' email from Deliveroo for a burger joint in Chiswick. I thought that was really odd so I went on to my account and had a look and there had been four orders that afternoon to a couple of addresses in London," said Judith MacFadyen from Reading.

Another user, Margaret Warner from Manchester, was charged for a £113.70 order of chicken, waffles and chips that she didn't make, while customer Steve Tappin was charged for a £98 TGI Friday delivery 86 miles away from where he lives.

The customers have all since had their money refunded, reported the BBC.

Deliveroo denied responsibility for the hacks, saying no financial information had been stolen from customers and that hackers used passwords gained from previous data breaches at other companies.

In a statement, the company said "instances of fraud on our system are rare", but that it takes such problems "very seriously".

It advised users to make their passwords "strong and unique" for each service they use.

However, experts have warned that Deliveroo needs to upgrade its security measures to prevent further hacks.

"When we buy things online, the more hoops we have to jump through to complete that purchase, the more likely we are to go away and do something else instead," technology journalist David McClelland told the BBC.

"Deliveroo realises that – so tries to remove as many of the hoops as possible," he added.

"However, some of the hoops that Deliveroo are removing are there specifically for security purposes. So while it may be making it easier for us to place orders, it is also making it easier for us to be defrauded."

McClelland said Deliveroo should require users to input their bank card's CVV2 code and check the address on orders to ensure it isn’t suspiciously far away from the registered address on a user's account.

Whether you've been hacked or not, it's worth changing your password and making it as unhackable as possible.