Last January, security researchers uncovered a suspected hack against the American fast-food chain Chick-fil-A. The report has now been confirmed: the company said that over 71,000 customers’ accounts had been breached by hackers, compromising rewards balances and personal information.
Suspicion of a hack on the fast-food chain arose after researchers found a company database being sold online last year that was said to have been acquired through credential-stuffing attacks. Chick-fil-A was informed about the issue, prompting it to set up a customer support page in case suspicious activity from threat actors was detected.
The Chick-fil-A hack impacted exactly 71,473 customer accounts.
Chick-fil-A submitted a report confirming that it suffered a credential-stuffing attack between December 18, 2022, and February 12, 2023, impacting 71,473 customer accounts. The threat actors used account credentials acquired from a third-party source to carry out the operation.
In an incident notification distributed to customers, the company said the hack, in which malicious actors accessed customers’ Chick-fil-A One accounts, was confirmed on February 12, 2023. Customers are warned that their personal information, such as names, email addresses, membership numbers, QR codes, mobile numbers, credit card numbers, and reward balances, could have been exposed to hackers.
Some customers could even have had additional information, such as dates of birth, home addresses, and the last four digits of credit cards, compromised in the hack.
In response to the hack, the company was forced to reset all affected customers’ passwords, remove all stored payment information, and freeze all deposited funds. The company also sent reward points to the affected customers to apologise for the inconvenience.
Security researchers strongly advise the affected customers to change their passwords on any other online accounts where they use the same compromised Chick-fil-A password.
For now, no misuse of data from the Chick-fil-A hack by threat actors has been detected. However, customers must remain cautious about attackers who might abuse their stolen information in further cyberattack attempts.
