Tag: assault

American speedy meals chain Chick-fil-A has verified that over 71,000 customers’ accounts ended up breached in a months-prolonged credential stuffing attack, permitting danger actors to use saved rewards balances and entry personalized details.

In January, BleepingComputer reported that Chick-fil-A experienced started investigating what it explained as “suspicious activity” on customers’ accounts.

At the time, Chick-fil-A set up a support site with information and facts on what buyers ought to do if they detect suspicious activity on their accounts.

This warning arrived right after BleepingComputer emailed Chick-fil-A before Christmas about experiences of Chick-fil-A person accounts getting stolen in credential-stuffing attacks and bought on the net.

These accounts ended up bought for prices ranging from $2 to $200, based on the benefits account equilibrium and linked payment solutions.

A single Telegram channel found by BleepingComputer confirmed people today getting these accounts and then sharing images of their buys built via these accounts.

Chick-fil-A confirms credential stuffing attack

Currently, Chick-fil-A confirmed our reporting in a safety discover submitted to numerous Attorney Normal places of work, stating that they endured a credential stuffing attack amongst December 18th, 2022, and February 12th, 2023. This sustained assault permitted the threat actors to hack a total of 71,473 Chick-fil-A accounts.

The fast food chain is warning impacted customers that risk actors who accessed their account would have also experienced accessibility to their particular info, including their name, email handle, Chick-fil-A One membership variety and mobile fork out selection, QR code, masked credit rating/debit card selection, and the quantity of Chick-fil-A credit rating (e.g., e-gift card stability) on your account (if any).

For some clients, the info might have