Chick-fil-A confirms hackers compromised accounts in months-long attack

Share post:

A fast-food restaurant chain Chick-fil-A announced that hackers gained access to their customers’ personal information, including names, email addresses, and phone numbers, in a months-long automated attack. The attackers, according to the company, used a technique known as credential stuffing, which involves using stolen login information from other sites to gain access to accounts on the target site.

This warning came after BleepingComputer notified Chick-fil-A just before Christmas about reports of Chick-fil-A user accounts being stolen and sold online in credential-stuffing attacks. Prices for these accounts ranged from $2 to $200, depending on the rewards account balance and linked payment methods.

“Following a careful investigation, we determined that unauthorized parties launched an automated attack against our website and mobile application between December 18, 2022 and February 12, 2023 using account credentials (e.g., email addresses and passwords) obtained from a third-party source. Based on our investigation, we determined on February 12, 2023 that the unauthorized parties subsequently accessed information in your Chick-fil-A One account.” – Chick-fil-A notification.

The fast food chain is alerting account holders that threat actors who hacked their account might have gotten a copy of their private data, including their name, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit (e.g., e-gift card balance) on their account (if any).

Birthdays, phone numbers, physical addresses, and the last four digits of credit cards may have been included for some customers. Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts in response to the attack.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways