Food delivery startup Deliveroo has warned it’s customers with vulnerable passwords that they are at risk of being hacked. The company has not been breached and their website has not been infiltrated but has identified a number of customers whose email addresses were compromised in data breaches on other websites. Javvad Malik, Security Advocate at AlienVault commented below.
Javvad Malik, Security Advocate at AlienVault:
“Password reuse from compromised accounts is a favoured attack by many attackers. In this they will take the passwords associated from one breach and try to use those to gain access to other accounts belonging to users.”
“It is therefore important that users remain vigilant by not using the same password across different sites. A password manager can be a good tool to help users generate unique passwords for each site.”
“On the provider side, it is useful to have checks in place to source password dumps and ensure its customers aren’t reusing the same ones. These can be obtained from private dumps, but also by utilising threat intelligence vendors which can source password databases that are traded on the dark web where many criminals operate.”
