Several customers of online food delivery firm Deliveroo lost hundreds of pounds as their accounts with service have been hacked by fraudsters.
Deliveroo, which was founded in 2013, makes money by charging restaurants a commission fee, and by charging customers a fee per order.
An investigation by the BBC’s Watchdog programme has found that customers in the UK are being charged for food and drink they did not order.
Deliveroo user Judith MacFadyen from Reading told Watchdog that her account was breached and more than £200 spent on burgers prior to being delivered to various addresses in London.
MacFayden told Watchdog: “I noticed that I had a ‘thank you’ email from Deliveroo for a burger joint in Chiswick. I thought that was really odd so I went on to my account and had a look and there had been four orders that afternoon to a couple of addresses in London.”
Steve Tappin was charged £98 for a delivery from a TGI Friday and Margaret Warner from Manchester was reportedly charged £113.70 for food she never ordered. They were both refunded.
Deliveroo said it is aware of the cases raised by Watchdog and denied that any financial data had been compromised in these incidents.
The company said stolen passwords from other data breaches were used to access the accounts and order food. It urged customers to use strong and unique passwords for every service they use.
Deliveroo said: “Customer security is crucial to us and instances of fraud on our system are rare, but where customers have encountered a problem, we take it very seriously.”
Earlier this year, Deliveroo raised $275m in a new round of investment to expand its operations.
The company said it will use the funds to expand its services in both new and existing markets, as well as to invest in projects such as RooBox, a remote kitchen initiative.