Exploit: Account takeover.
Deliveroo: Online food delivery business based in London.
Risk to Small Business: 1.777 = Severe: Customers are complaining that they are being charged for online orders they did not make through Deliveroo, amounting up to 1,000 euros. The company maintains that this is being caused by “customers using the same usernames and passwords on multiple online accounts and those details being involved in a data breach on another platform”. However, the company could have proactively asked users to reset their accounts, especially since a similar incident occurred back in 2016. Risk levels are high, considering the company could be fined millions while also facing customer churn.
Individual Risk: 2.428 = Severe: Although it remains unclear how hackers are accessing Deliveroo user accounts, they have likely gained access to usernames, passwords, and financial details. Users who share account details across multiple platforms are at even higher risk.
Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: Even when identity theft originates from another breach, regulatory agencies as well as customers will hold companies responsible for securing accounts on their platforms. It is crucial that businesses protect their reputation by asking users to change account details periodically. Also, as mentioned previously, they must invest in detection solutions to track down the source of a breach early on.
ClearYolk to the Rescue: We offer industry-leading detection by monitoring the Dark Web for your customer’s data.
www.pymnts.com/news/regulation/2019/deliveroo-gdpr-data-security/