Food delivery startup Deliveroo will today alert customers with vulnerable passwords that they are at risk of being hacked.
While Deliveroo's website has not been breached or hacked, the firm has identified a number of customers whose email addresses were compromised in data breaches on other websites.
It will urge those customers to update their passwords in an email, seen by City A.M.
The firm will say:
During one of these checks, we discovered that the password you currently use on Deliveroo has been compromised. This is not linked to Deliveroo, but instead we believe this was caused by a data breach at some other website where you have used the same password.
Deliveroo will warn customers that if they do not change their password within a few days of receiving the email, they will be alerted with a second email. If the password is still unchanged, Deliveroo will lock the account, but it will still be accessible through the "forgot password" function.
Alec Muffett, principal engineer for security at Deliveroo said: "Security and safety are vital investments for us, informing why we perform this work and why we offer this advice. Our efforts reflect a developing industry best practice in password security, and we shall do everything that we can to ensure our customers' online safety.”