Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Wednesday 23 November 2016 11:10 am

Deliveroo denies data hack

By: Lynsey Barber

Add as a preferred source on Google

Deliveroo has been forced to deny that it has been targeted by hackers after an investigation found some customers were charged for food they had not ordered.

A probe by the BBC's Watchdog show due to be shown tonight, found several examples of customers who were billed hundreds of pounds for food deliveries they did not make.

The company said there has been no breach of customers' financial information and put it down to users' own password security.

Read more: Deliveroo launches corporate service in fight against Uber and Amazon

"We are aware of these cases raised by Watchdog – they involve stolen food, not credit card numbers. These issues occur when criminals use a password stolen from another service unrelated to our company in a major data breach," the startup said.

"The stolen password is then used to fraudulently access someone's account. This is why we urge customers to use strong and unique passwords for every service they use."

The firm also stated a number of measures it used to ensure the security of customers' information, including anti-fraud measures and anomaly detection techniques with machine learning to detect unusual activity and block it.

"It is our policy not to comment on specific anti-fraud countermeasures because we don't want to provide public guidelines on how we detect fraud to criminals," the company said in a statement.

"That said, we can assure customers that we are constantly improving our security measures, and make regular upgrades to our practices. Recently, this included frequently asking customers to verify themselves when entering a new address."

Read more: If you're using one of these passwords you probably need to change it

It also said that it worked closely with customers in fraud cases, including reimbursing money and working with authorities where appropriate.

The fraud is just one example of the "domino effect" of hacks, where stolen credentials can be used to log into multiple online accounts other than the one directly targeted.

“This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organisations," said Kevin Cunningham, founder of the identity management software company Sailpoint.

"Taking stolen credentials from one breach and using them to access another website, all because a user chose to reuse a password across multiple sites is a very common occurrence.

"Use a unique password for every application. Make sure the password is long and more complex – ideally twelve characters should be thought of as a minimum."

Some Uber customers have also been subject to fraudulent activity, being charged for journeys they took in countries they never visited. The startup also said it was not targeted by hackers and does not store credit card details itself (a third party does), but it said reusing passwords was behind the fraud.

It comes as concerns were raised around striking the balance between making online shopping simple for customers and ensuring transactions are secure.

The European Banking Authority plans to introduce new rules under the wider Payment Services Directive (PSD2) regulation which will require two-factor authentication for any transactions over €10.

Read more: Three Mobile has become the latest high-profile victim of a cyber attack

This will mean a password, biometric verifications or code will be needed as standard, putting an end to one-click checkouts and automatic in-app payments where card details are already stored – processes used by the likes of Deliveroo, Uber, Amazon and many online companies.

However, Visa has warned that the plans will cause serious disruption for customers and online retailers.

"The plans will bring a host of complications and inconveniences including more declined transactions and longer and more complicated checkout experiences with little if any benefit to consumers," said chief risk officer for Visa Europe Peter Bayley, noting that fraudulent payments accounted for less than five cents in every €100 spent and that merchants and banks are prepared to take on the risk to ensure seamless shopping experiences.

“Managing payments is always about balancing security and convenience. If you tip the balance too far one way, you end up making it either too difficult or too risky for consumers to make purchases wherever, whenever and on whatever device they want. Either way it annoys consumers and damages businesses’ potential to sell their goods and services."

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Tech

Trending Articles

  • Exclusive: Big Four giant KPMG to cut more jobs

  • Music tycoon Simon Cowell sued by prominent City lawyer

  • The former African gold miner taking on the billionaire Issa brothers

  • Tesco ‘in talks’ to exit eastern Europe

  • Easyjet agrees to £5.7bn Apollo takeover

More from City PM

  • World Cup gives London restaurants and retailers Deliveroo boost

    Retail
    Soccer players competing in the World Cup, showcasing intense action on the field with a stadium full of cheering fans
  • Lime trialled fast-food lane that let Deliveroo riders bypass speed limits

    Tech
    Lime faces growing scrutiny over its safety record.
  • Virgin Media slapped with £28m fine for stopping customers cancelling deals

    Telecoms
    Vans parked at a bustling city intersection surrounded by tall buildings and pedestrians, highlighting urban transportatio...
  • ‘The problems didn’t begin with John Edwards’: Pressure grows for wider data watchdog overhaul

    Tech
    Offi
  • Watchdog opens probe into auditors of collapsed lender MFS

    Accountancy
    Canada
  • Ovo to cough up £10.4m for exposing vulnerable customers to harm

    Energy
    Stephen Fitzpatrick is the billionaire founder of Ovo Energy.
  • Cole Palmer: Chelsea footballer launches range of ‘premium craft ice’ for £2 a bag

    Sport Business
    Getty Images logo prominently displayed against a blurred background representing stock photography and visual media services
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook