The recent experience of a number of Deliveroo customers (especially in London, but elsewhere too) serves to illustrate the importance of customers ensuring that they use different passwords for their various platforms, devices and apps.
This particular incident seems to have cost individual customers relatively little because the hackers have simply used the passwords to make unauthorised but relatively low-value food delivery purchases. In a different context, it could cost customers many thousands of pounds, of course.
The attack uses passwords that have been stolen from different online sources. These are then sold on the black market (for trivial amounts) and then used by petty criminals who target a variety of different outlets or platforms where the same passwords might also work.
There is even online assistance for these criminals to see whether the stolen passwords can be used on named outlets.
What we can all take away from this (if you’ll pardon the pun) is that cyber security is a personal responsibility not just a corporate issue. Because we all have to use passwords in multiple situations it is tempting to use the same one across the board. Who can remember 12 passwords and which one fits which app? But by adopting several passwords we can at least reduce the risk of falling victim to these secondary hacks.
Tim Heywood is data privacy and cyber security Partner at gunnercooke llp
Wir verwenden Cookies, um Inhalte und Anzeigen zu personalisieren und die Zugriffe auf unserer Webseite zu analysieren. Sie können sich jederzeit gegen die Verwendung von Cookies entscheiden.AnnehmenAblehnenMehr erfahren
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.