Chick-fil-A issues notice on ‘fraudulent activity’ on mobile app

Share post:

Chick-fil-A, an American fast-food restaurant chain, notified customers of possible “fraudulent activity” on some of their mobile app accounts and announced an investigation to determine the source.

The announcement comes after BleepingComputer emailed the company before Christmas about reports of Chick-fil-A user accounts being compromised in credential-stuffing attacks.

Some of the stolen accounts are being sold for as little as $2 and as much as $200, depending on the account balance, linked payment method, or Chick-fil-A One points (rewards points) balance. Customers have also reported that their accounts have been hacked and their loyalty points have been depleted on social media.

“Chick-fil-A is aware of suspicious activity on some of our customers’ Chick-fil-A One accounts,” the company said in a statement. “While we are still investigating what happened and how certain customers became subject to this fraudulent activity, this is not due to a compromise of Chick-fil-A Inc.’s internal systems.”

Chick-fil- A stated that the activity was not the result of a breach in the company’s internal systems. Meanwhile, it has disabled the creation of new accounts and prohibited the use of disposable email addresses, requiring threat actors to hijack accounts through legitimate email services.

“Chick‑fil‑A is committed to protecting our customer’s data and we are working quickly to resolve the issue for any impacted customers,” they continued. “We understand and take seriously the trust you place in us to ensure your personal information is secure, and we apologize for any inconvenience you may have experienced.”

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways