Recently, I heard a very interesting story about Swiggy from someone. Their mum booked a high value order as a surprise for them on Swiggy. Since they had a Swiggy One subscription, the whole family used the same account.
Halfway through, the delivery person calls them, says the vehicle broke down. Mum steps away to deal with something else and when the delivery person calls again, their dad picks up. The delivery person says the vehicle broke down but he'll figure something out and send it with someone else, but to do that first, he'll need their details. He proceeds to ask for their phone number (linked to account) and for the OTP sent from Swiggy? Sounds super strange but the dad took pity and figured sure, let me try and make this delivery person's unlucky day a bit nicer — after all, it's a Swiggy account anyways, what harm could it do. He shared the OTP.
Almost immediately after, the delivery person changed the phone number for the account and everyone logged in lost access to the account. Ofc, he scammed the order for himself. The real kicker is that their Email ID was still linked to the account, so anytime the delivery person makes an order, they get an email with his order details. So far, they've been regularly getting order details emails with orders for paan, gutkha, cigarettes and some sides/chakna, all to some mall. 😂
Now, cool story bro, but how is this Swiggy's fault, you ask? Well, support has been contacted multiple times, over multiple accounts, but to no avail, because clearly their customer support has gone to shit. Even with the address and phone number of the delivery person who scammed them, and having an email id linked to the account, they've been of absolutely no help, as if their hands are tied. Their user workflows are so brittle, they don't account for the simplest locked out of account scenarios, let alone address security concerns and protect the customer from their own agents. Truly a wonder this company is worth anything.