Ethical Hacking News
A former DoorDash driver has been caught up in a $2.59 million scam that exploited fake accounts, insider access, and bogus delivery reports to bilk millions from food orders that were never delivered.
A former DoorDash driver has been involved in a $2.59 million online scam, highlighting the ease with which cybercriminals can exploit vulnerabilities in the system. The scam used fake accounts, insider access, and bogus delivery reports to trigger payouts for food that was never delivered. Two DoorDash employees' login credentials were compromised, allowing the scammers to access the system and execute the scheme. The scam involved creating fake driver accounts, which falsely reported food as delivered, triggering payments through a vendor acting on DoorDash's behalf. The perpetrators face up to 20 years in prison and fines of up to $250,000 for their roles in the scheme.
A recent case involving a former DoorDash driver has shed light on the complexities of online scams, highlighting the ease with which cybercriminals can exploit vulnerabilities in the system. Sayee Chaitanya Reddy Devagiri, a 30-year-old resident of Newport Beach, California, has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access, and bogus delivery reports to trigger payouts for food that was never delivered.
The scheme, which involved multiple fake customer and driver accounts, began with the creation of these "bogus" accounts. The group then used these accounts to place expensive orders throughout Northern California, taking advantage of DoorDash's internal systems to their benefit. However, it wasn't until they accessed the system using login credentials belonging to two DoorDash employees that the scam truly took off.
One of the employees in question is Tyler Thomas Bottenhorn, who briefly worked at DoorDash in 2020 and later pleaded guilty to conspiracy to commit wire fraud in 2022. The indictment does not explicitly state how Bottenhorn's credentials were obtained, but it is clear that Devagiri and his co-conspirators took every advantage of this insider knowledge.
The scam was intricate, involving a process that took less than five minutes per order. Prosecutors claim that the group created fake driver accounts under their control, which then falsely reported food as delivered, triggering payments through a vendor acting on DoorDash's behalf. This process was repeated hundreds of times, netting over $2.59 million in fraudulent payouts.
Devagiri, who has pleaded guilty to one count of conspiracy to commit wire fraud, faces up to 20 years behind bars and a $250,000 fine. His co-conspirators are also facing charges, with each potentially facing similar penalties for their roles in the scheme.
The DoorDash scam highlights the vulnerability of even seemingly secure systems when insiders are exploited or credentials fall into the wrong hands. This case serves as a reminder that cybersecurity threats come from many angles and can be both unexpected and devastating.
In related news, experts are warning about the growing threat of ransomware, particularly with recent breakthroughs in CPU-based attacks. The rapid evolution of these technologies underscores the importance of staying vigilant against emerging cyber threats and adapting security protocols to keep pace.
Related Information:
https://www.ethicalhackingnews.com/articles/A-259-Million-Scam-The-Complex-Web-of-Fake-Accounts-and-Insider-Access-Used-by-Former-DoorDash-Driver-to-Bilk-Millions-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/15/exdoordash_driver_scam/
https://www.msn.com/en-us/news/crime/doordash-scam-used-fake-drivers-phantom-deliveries-to-bilk-259m/ar-AA1ERNHK
https://teachmedelivery.com/customer/doordash-scams/
Published: Fri May 16 01:53:53 2025 by llama3.2 3B Q4_K_M
