Chick-fil-A confirms hackers compromised accounts in months-long attack

Share post:

A fast-food restaurant chain Chick-fil-A announced that hackers gained access to their customers’ personal information, including names, email addresses, and phone numbers, in a months-long automated attack. The attackers, according to the company, used a technique known as credential stuffing, which involves using stolen login information from other sites to gain access to accounts on the target site.

This warning came after BleepingComputer notified Chick-fil-A just before Christmas about reports of Chick-fil-A user accounts being stolen and sold online in credential-stuffing attacks. Prices for these accounts ranged from $2 to $200, depending on the rewards account balance and linked payment methods.

“Following a careful investigation, we determined that unauthorized parties launched an automated attack against our website and mobile application between December 18, 2022 and February 12, 2023 using account credentials (e.g., email addresses and passwords) obtained from a third-party source. Based on our investigation, we determined on February 12, 2023 that the unauthorized parties subsequently accessed information in your Chick-fil-A One account.” – Chick-fil-A notification.

The fast food chain is alerting account holders that threat actors who hacked their account might have gotten a copy of their private data, including their name, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit (e.g., e-gift card balance) on their account (if any).

Birthdays, phone numbers, physical addresses, and the last four digits of credit cards may have been included for some customers. Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts in response to the attack.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Toyota discloses customer data breach

Toyota has disclosed that customer information from Japan and other countries in Asia and Oceania was publicly available...

Critical Vulnerability found in MOVEit

Progress Software has warned about a critical vulnerability in its popular file-transfer software, MOVEit, which could allow malicious...

Canadian Defence Minister concerned over increasing cyberattacks

Canadian Defence Minister Anita Anand has issued a warning that the country's key infrastructure is more vulnerable to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways