SINGAPORE: Deliveroo Singapore has revealed that it has been “made aware” of fraudulent activity affecting a “small number of local accounts” as of Friday (Nov 25).
The food order taking and delivery app developer told Channel NewsAsia in an updated email statement that these accounts “have been suspended and are being assessed”. “If anyone believes that their account has been compromised, they should reach out to Deliveroo as soon as possible for assistance,” it added.
The London-headquartered company’s comments came after it said on Thursday that it was a “UK only issue”, after Channel NewsAsia asked if problems with unknown orders had affected users in Singapore.
According to the BBC’s Watchdog programme, users of the app were billed with unknown orders, with one user saying that £200 was spent on burgers delivered to several addresses.
SINGAPORE USER MADE TO “JUMP THROUGH HOOPS”
A Singapore-based British citizen, who declined to be named, contacted Channel NewsAsia on Friday with a similar experience.
The customer, who downloaded Deliveroo’s app in Singapore and linked it to a Singapore credit card, saw three separate food orders charged to the account, with sterling currency used in these orders and the food sent to three different London addresses.
While the order status was “order failed”, the actual delivery of the food was still carried out based on the notifications received, the customer said.
The affected user also saw user details, including the name and address, changed without the person’s knowledge, based on screengrabs seen by Channel NewsAsia.
The person added that after discovering the fraudulent orders, the person contacted Deliveroo’s customer service, which said that the person’s credit card should be cancelled and to inform local authorities. It also said the person would have to show them the transactions in question as well as the case report before the company could take up the case.
“They appear to be making me jump through hoops,” the affected customer said in a phone conversation, who added this was unfair as the fault did not lie with the user.
Since then, Deliveroo had contacted the unnamed user to explain that the person’s email and password could have been leaked in previous hacks involving MySpace, LinkedIn, Dropbox and Bitcoin. The user has since reset Dropbox and LinkedIn accounts.
Channel NewsAsia approached Deliveroo regarding this user’s case, but it declined to comment beyond a line from Thursday’s statement. It also said it has “no further comments”.
