Ocado - systems hacked? Change your passwords
Discussion
Had a fraud attempt on our Ocado account today, I noticed it because my banking app showed the transaction notification on my phone. Spoke to the bank’s fraud department ”We’ve had lots of these recently with Ocado”. Contact Ocado who are pretending it’s not an issue “some customer’s email addresses appear to have been compromised”…quick search online shows multiple people reporting similar fraud attempts.
Kim in Mitcham won’t be getting her booze delivered at 5.30pm tonight…she’ll be okay though as Ocado won’t be reporting it. I asked.
It appears Ocado are more worried about their share price than customers accounts.
If you’ve got an account I’d recommend changing your password and cancelling the credit card linked to it….
Kim in Mitcham won’t be getting her booze delivered at 5.30pm tonight…she’ll be okay though as Ocado won’t be reporting it. I asked.
It appears Ocado are more worried about their share price than customers accounts.
If you’ve got an account I’d recommend changing your password and cancelling the credit card linked to it….
butchstewie said:
Curious but were you using a strong unique password for your Ocado account or a password you use elsewhere?
I was. I use Apple’s “Strong Password” It seems they went in to my account and changed the account name to “Kim S” and then entered an address in Mitcham as home address. So when I rang up to speak to Customer Serrvices they couldn’t find my account as they use postcode as one of the identifiers.
Seems like reading some of the below links Ocado are denying any responsibility
Discussion on Reddit
https://www.reddit.com/r/FraudPrevention/comments/...
Local newspaper
https://www.theargus.co.uk/news/25995843.uckfield-...
Mumsnet
https://www.mumsnet.com/talk/shopping/5515591-ocad...
Etc etc
So what's happening to the dodgy orders? Do they get intercepted/redirected by the Ocado delivery guys (who seem pretty iffy at times) or do you get the joy of putting in the windows of someone who thought it was clever to get involved in a rip off?
Sounds like the dodgy orders are getting sent all over so sounds a bit complex.
Sounds like the dodgy orders are getting sent all over so sounds a bit complex.
Cheib said:
I was. I use Apple s Strong Password
It seems they went in to my account and changed the account name to Kim S and then entered an address in Mitcham as home address. So when I rang up to speak to Customer Serrvices they couldn t find my account as they use postcode as one of the identifiers.
Seems like reading some of the below links Ocado are denying any responsibility
Discussion on Reddit
https://www.reddit.com/r/FraudPrevention/comments/...
Local newspaper
https://www.theargus.co.uk/news/25995843.uckfield-...
Mumsnet
https://www.mumsnet.com/talk/shopping/5515591-ocad...
Etc etc
Do you mean you were using a password you've used elsewhere or you've always used an Apple strong password?It seems they went in to my account and changed the account name to Kim S and then entered an address in Mitcham as home address. So when I rang up to speak to Customer Serrvices they couldn t find my account as they use postcode as one of the identifiers.
Seems like reading some of the below links Ocado are denying any responsibility
Discussion on Reddit
https://www.reddit.com/r/FraudPrevention/comments/...
Local newspaper
https://www.theargus.co.uk/news/25995843.uckfield-...
Mumsnet
https://www.mumsnet.com/talk/shopping/5515591-ocad...
Etc etc
The reason I'm asking is that often what happens is if you use your email address and "Password1234" (or whatever) across loads of websites when one of those websites with poor security gets hacked the hackers now have your email address and know you use a password of "Password1234".
The hackers then try that email address and password with other websites and if you're using it with Ocado they can login to your account.
Of course it's quite possible Ocado have had an incident but usually password re-use is the more likely explanation.
If people don’t catch them in time Ocado are still delivering them and it seems in some cases refusing to cancel orders. In my case the order was placed at 11am yesterday for delivery at 5pm. When I cancelled the bank transaction within 20 mins, I spoke to Ocado early afternoon who then cancelled the delivery. Ocado don’t inform the police, they report it to a Fraud Prevention service.
butchstewie said:
The hackers then try that email address and password with other websites and if you're using it with Ocado they can login to your account.
Of course it's quite possible Ocado have had an incident but usually password re-use is the more likely explanation.
Doesn't seem to be credential stuffing from the reports, sounds like they either have an access control flaw or an internal abuse of the system.Of course it's quite possible Ocado have had an incident but usually password re-use is the more likely explanation.
Mate has told me that they had an Ocado delivery today…turned up very late and everything being done manually. Delivery driver didn’t have his normal computer.
So either his computer has run out of battery or they’ve shut some of their systems down. Remote access is a classic way hackers get in to systems.
So either his computer has run out of battery or they’ve shut some of their systems down. Remote access is a classic way hackers get in to systems.
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff