A new report from Sift has revealed that food ordering and delivery services face notably more hacking attacks than other industries.

Sift found that the account takeover attack rate for these food services is 20%. The attack rate across all industries, meanwhile is just 2.5%.

Why is the food industry under attack?

According to Sift, there are several reasons why multiple food industry services are a prime target for hackers.

  • Online loyalty programs: Hackers can claim rewards for themselves, taking them from the original winner.
  • Food ordering and delivery services: Hackers can easily order from the app once they’re in, using a customer’s account information.

Business Insider interviewed Brittany Allen, a trust and safety architect at Sift, who shared additional reasons why these types of accounts are popular among hackers:

  • Most food apps don’t require two-step authentication, like a fingerprint or a pin.
  • Food accounts are often used periodically, so hackers know that their activity will often go undetected for a while.
  • Once a hacker has entered an account, they can start selling information or exploit the account for purchases.

Allen shares several examples that have previously been hacked, including Walmart and Instacart. She also explains how hackers can use just a phone or computer without any fancy equipment.

What can you do to protect your accounts?

According to Business Insider, several food-related apps have taken steps to guard against security threats.

But companies can only do so much, and it’s up to each person to secure their account as much as possible.

The Federal Trade Commission describes four ways you can secure your accounts:

  1. Create a strong password that is at least 12 characters, does not use common lyrics or phrases, and includes a mix of capital letters, numbers and symbols. If you struggle to think of a strong password, your browser can think up one for you and save it for you.
  2. Use multi-factor authentication, which can take the form of a code sent to your phone or email or authenticator app.
  3. Pick security questions only you can answer and nobody else. Avoid questions that can be easily solved by looking up online records or process of elimination. If you don’t want to put in a true answer, you can make up a password-like response instead.
  4. Change your password if it gets caught in a data breach. If you use that password for other services, change those, too.
Largest U.S. health insurer says third of Americans exposed in massive data hack