An automated credential stuffing attack that affected more than 71,000 customers of Chick-fil-A, an American food chain,for months has been made known to its clients.
Attacks that use automation—often through bots—to test a large number of username-password combinations against targeted online accounts are known as credential stuffing. The practise of users using the same password for numerous online services has made this kind of attack vector possible; as a result, the login information used in credential stuffing attacks is frequently obtained from other data breaches and is made available for purchase from a variety of Dark Web sources.
“Following a careful investigation, we determined that unauthorised parties launched an automated attack against our website and mobile application between December 18, 2022 and February 12, 2023 using account credentials (e.g., email addresses and passwords) obtained from a third-party source,” the company said in a letter to those impacted.
Customers’ names, email addresses, membership numbers, mobile pay numbers, and masked credit or debit card numbers (m
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: