Delivery and restaurant brands such as Deliveroo, Domino’s, Papa John’s and Nando’s are among those most targeted by computer hackers, it has been claimed.
Cybersecurity specialist DynaRisk said that the hacking of accounts among such brands is “rife”, with criminals teaming up to access customer details.
Its research found that cybercriminals are sharing ‘cheat sheets’ for hacking tools used to break through site defences at scale, with sectors such as food delivery among the most popular targets.
Users of the services listed are vulnerable to account takeover, with UK users particularly at risk of having their accounts hijacked by cybercriminals.
The research reveals that a cache of files containing configuration scripts is being used in conjunction with hacker tools to hijack people’s accounts.
The research has found that millions of accounts could be vulnerable; hackers simply need to obtain stolen email address and password combinations, combine them with these cheat sheets and feed them into hacking tools. If they discover a match, they’ll be able to break into the food delivery service as the victim.
DynaRisk obtained over 1000 configuration files for a popular hacking tool and discovered that online food delivery services are routinely targeted.
CEO and founder, Andrew Martin, said: “Unfortunately, consumers often use the same log-in credentials across a number of different platforms – and seldom consider the security of their personal data when benefitting from the convenience of platforms such as Deliveroo. It takes only one cybercriminal to hack a site’s defences and share this knowledge with the community, leaving accounts vulnerable to credential stuffing and fraud.
“When hacks of this nature happen and scams occur, it can be difficult to reclaim any money stolen since it becomes difficult to prove the transaction was made fraudulently. This makes the security of credentials on these platforms crucial to safeguard.
“If a consumer has a credit card hooked up to services such as these, they should regularly update log-in details and passwords; making each new password random and unique. There is also the ability to enable two-step verification on purchases with some sites; this will alert a consumer to a log-in attempt and provide the ability to block the activity remotely before it’s too late.”