Chick-fil-A, an American chain of fast food restaurants, is looking into what it called “suspicious activity” connected to some of its customers’ accounts.
This is in response to reports of fraudulent activity on its mobile app after many users claim that hackers gained access to their data, including bank account details.
The Chick-fil-A System Hack Caused Suspicious Activity In Users’ Accounts
The chain posted a statement on Twitter saying it is acting fast to secure consumer data and that the action is not related to a breach of Chick-fil-A Inc.’s internal systems.
According to Nation’s Restaurant News, a number of clients reported the alleged breach after sharing their stories on the Paulding County Uncensored Facebook group.
It is important to note that Paulding County is a part of the Atlanta metropolitan area, which is home to Chick-fil-A.
As of writing, there are more than 100 comments referring to questionable activity in customers’ accounts on the restaurant’s mobile app.
Potentially affected customers can find instructions on what to do if they see strange behavior on their accounts on a support page on the Chick-fil-A One Membership Program customer service website.
This also applies if customers see any mobile orders placed without their consent or if their loyalty points have been fraudulently redeemed or gifted, according to Bleeping Computer.
Customers are recommended to immediately change their passwords to new ones that are unique, complex, and not used on other online accounts if they notice anything unusual.
They should also delete any stored payment methods, such as credit or debit cards, from their Chick-fil-A One accounts by opening the Chick-fil-A app, going to the Account menu, and selecting “Manage payment methods.”
Aside from McDonald’s, Starbucks, and Chipotle in the restaurant category, Chick-fil-A’s app is the seventh most downloaded food and beverage app on Apple’s App Store, with over 10 million downloads.
Compromised Accounts Have Allegedly Been Sold Online
The company received an email just before Christmas informing them of claims that user accounts at Chick-fil-A were being compromised by credential-stuffing attacks.
Dedicated customer Kimberly Weot claims that on Wednesday, someone accessed her Chick-fil-A One account, changed the account email, and transferred money using her card, 11 Alive writes.
While the food chain has not yet responded to the attack, a threat intelligence researcher claims that the hijacked accounts are being utilized in widespread attacks along with disposable email addresses to purchase food.
However, a representative for Chick-fil-A said in a statement that the company is investigating how some of its patrons fell for this con.
According to Bleeping Computer, depending on the account amount, associated payment method, or Chick-fil-A One points (rewards points) balance, some of the stolen accounts are being sold for $2 to $200.
Because of that, customers have also reported numerous times on social media that their accounts have been compromised and their loyalty points stolen.
Since then, Chick-fil-A has prohibited the establishment of new accounts and the use of disposable email addresses, forcing threat actors to use reliable email services rather than disposable ones in order to hijack accounts.