Nando’s Customers Hit by Credential Stuffing Attacks
The popular chicken chain Nando’s has been hit by a cyber-attack in which attackers hijacked online accounts to place large orders. Due to COVID-19, the restaurant industry has been trying to optimize service while restrictions are in place, using measures such as QR codes and online ordering. Most orders are made online and picked up in-store using a QR code; however, the attackers used a tactic called “credential stuffing”. By taking customer credentials stolen elsewhere, they can reuse the same information to access the customer’s Nando’s account. Since then, Nando’s has promised to reimburse customers for any fraudulent orders.
Between July 2018 and June 2020, there were 64 billion credential stuffing attempts in the retail, hospitality, and travel sectors. This can be remediated by enabling MFA on accounts or even just using a different passcode for each account.
*I thought this was interesting because I was also hacked using a fake KFC account*
https://www.infosecurity-magazine.com/news/nandos-customers-hit-credential/