Online delivery service Deliveroo has alerted customers with vulnerable passwords that they are at risk of having their personal and account details stolen.

In November last year, it was reported that hundreds of Deliveroo customers had their accounts hacked and been charged for food and drink that they never ordered. At the time, the delivery firm said that the criminals were using passwords that were stolen from another service, unrelated to them, in a major data breach.

In a correspondence to customers yesterday, Deliveroo said: “During one of these checks, we discovered that the password you currently use on Deliveroo has been compromised. This is not linked to Deliveroo, but instead we believe this was caused by a data breach at some other website where you have used the same password.”

If the customers fail to change their password within a week of receiving the email, they will receive a second warning via email. If the password still remains unchanged, the user’s account will be blocked, but will still be accessible through the “forgotten password” function.

Alec Muffet, principal engineer for security at Deliveroo, said: “Security and safety are vital investments for us, informing why we perform this work and why we offer this advice. Our efforts reflect a developing industry best practice in password security, and we shall do everything that we can to ensure our customers' online safety.”

Rob Lay, head of presales, enterprise and cyber security at Fujitsu UK & Ireland, added: “With its latest statement on passwords, Deliveroo is showing a responsible approach to working with its customers. It also demonstrates how wide-ranging the threats facing both customers and businesses are. It is good advice which Deliveroo are giving and customers should take heed of it.”

Share Story: