American fast food restaurant chain Chick-fil-A has recently informed roughly 71,000 of its customers that their user accounts have been compromised in a two-month-long credential stuffing campaign. The attack, which targeted both the website and the mobile application of the company, was conducted using stolen usernames and passwords that were obtained from a third-party source.
Credential stuffing is a type of cyberattack in which bots automatically test hundreds of thousands of username-password pairs against new targets. The attackers gained access to the Chick-fil-A One accounts and the information within, which included names, email addresses, masked credit/debit card numbers, Chick-fil-A One membership information, and the available Chick-fil-A credit for each account.
In response to the incident, the company has prompted impacted users to reset their passwords, removed stored credit/debit card payment methods, and temporarily frozen any funds that users might have loaded into their Chick-fil-A One accounts. Additionally, Chick-fil-A has restored account balances for the impacted accounts, which in some cases included refunds to users’ original form of payment, and added rewards to accounts.
The attack on Chick-fil-A is yet another reminder of the importance of using a unique password for each online service rather than reusing the same password across multiple accounts. This is especially important for those who have accounts with companies that have been the victim of data breaches, as attackers can obtain the credentials for those accounts and use them to gain access to other services.
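On the service side, the automated testing of many username-password pairs described above leaves a recognizable pattern in login logs: one source trying many different accounts, mostly failing. The following is an added detection sketch, not code from Chick-fil-A or from the original article; the log format, the thresholds and all sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed login events in the assumed format 'timestamp ip username OK|FAIL'."""
    t0 = datetime(2023, 1, 10, 9, 0, 0)
    lines = []
    # One source walking a list of 12 different accounts, one attempt each.
    for i in range(12):
        outcome = "OK" if i == 7 else "FAIL"
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 user{i}@example.com {outcome}")
    # A customer mistyping a password twice, then logging in.
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        ts = (t0 + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.4 dana@example.com {outcome}")
    # Repeated guessing against a single account: many attempts, one username.
    for i in range(15):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 192.0.2.9 erin@example.com FAIL")
    return lines

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=10, min_fail_ratio=0.8):
    """Return {ip: usernames that logged in successfully} for IPs that tried at least
    min_users distinct accounts, mostly failing, inside one sliding window."""
    events = sorted(
        (datetime.fromisoformat(ts), ip, user, res == "OK")
        for ts, ip, user, res in (line.split() for line in lines)
    )
    recent = defaultdict(deque)    # ip -> events still inside the window
    successes = defaultdict(set)   # ip -> accounts with a successful login
    flagged = set()
    for ts, ip, user, ok in events:
        if ok:
            successes[ip].add(user)
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    # Successful logins from a flagged source are the accounts to reset first.
    return {ip: sorted(successes[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(build_sample_log()).items():
        print(f"{ip}: credential stuffing suspected; reset {accounts}")
```

A per-IP threshold like this misses campaigns spread across many source addresses, so the same counting is usually repeated over other keys such as client fingerprint or network range.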
In conclusion, American fast food restaurant chain Chick-fil-A has recently notified customers that their user accounts have been compromised in a credential stuffing campaign. The attackers gained access to the Chick-fil-A One accounts and the information within, and the company has taken steps to protect its customers and restore any lost funds.
Key Points:
• 71,000 customers of American fast food restaurant chain Chick-fil-A were impacted by a two-month-long credential stuffing campaign.
• The attackers gained access to the Chick-fil-A One accounts and the information within.
• In response to the incident, the company has prompted impacted users to reset their passwords, removed stored credit/debit card payment methods, and temporarily frozen any funds that users might have loaded into their Chick-fil-A One accounts.
• It is important to use unique passwords for each online service and not to reuse the same password for multiple accounts.