The recent experience of a number of Deliveroo customers (especially in London, but elsewhere too) illustrates why customers should use different passwords for their various platforms, devices and apps.
This particular incident seems to have cost individual customers relatively little because the hackers have simply used the passwords to make unauthorised but relatively low-value food delivery purchases. In a different context, it could cost customers many thousands of pounds, of course.
The attack uses passwords that have been stolen from different online sources. These are sold on the black market (for trivial amounts) and then used by petty criminals, who target a variety of different outlets or platforms where the same passwords might also work.
There is even online assistance for these criminals to see whether the stolen passwords can be used on named outlets.
What we can all take away from this (if you’ll pardon the pun) is that cyber security is a personal responsibility, not just a corporate issue. Because we all have to use passwords in multiple situations, it is tempting to use the same one across the board. Who can remember 12 passwords and which one fits which app? But by adopting several passwords we can at least reduce the risk of falling victim to these secondary hacks.
Tim Heywood is data privacy and cyber security Partner at gunnercooke llp