Nando’s Customers Hit by Credential Stuffing Attacks

    Some customers of well-known high street restaurant Nando’s have been left hundreds of pounds poorer after cyber-attackers hijacked their online accounts to place large orders.

    Reports in UK media revealed that numerous customers of the peri-peri chicken chain have had their accounts compromised. Due to COVID-19 restrictions, customers must now scan a QR code in store and order online to get their food.

    However, that has left the door open to attackers trying previously breached log-ins from other websites to hijack their accounts, when these credentials are reused by the victims.

    According to one report, a group of young people fraudulently placed two large orders in-store, after trying and failing numerous times to use hijacked accounts.

    Nando’s said it would reimburse any customers scammed in this way, and promised to get better at spotting fraudulent account activity.

    “We can confirm that although our systems have not been hacked, sadly some individual Nando’s customer accounts have been accessed by a party or parties using a technique known as ‘credential-stuffing,’ whereby the customer’s email address and password have been stolen from elsewhere and, if they use the same details with us, used to access their Nando’s accounts,” it added in a statement.
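
    The Python example below is added here and is not from the article or from Nando’s. It flags a source that fails logins against many different accounts within a short window and lists the accounts that source then logged in to; the log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): ISO time, source IP, account, result
SAMPLE_LOG = """\
2020-10-20T18:00:01 203.0.113.7 amy@example.com FAIL
2020-10-20T18:00:03 203.0.113.7 bob@example.com FAIL
2020-10-20T18:00:05 203.0.113.7 cat@example.com FAIL
2020-10-20T18:00:07 203.0.113.7 dan@example.com FAIL
2020-10-20T18:00:09 203.0.113.7 eve@example.com OK
2020-10-20T18:00:11 203.0.113.7 fay@example.com FAIL
2020-10-20T18:02:10 198.51.100.20 gil@example.com FAIL
2020-10-20T18:02:25 198.51.100.20 gil@example.com FAIL
2020-10-20T18:02:40 198.51.100.20 gil@example.com OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back period
MIN_ACCOUNTS = 4               # assumed: distinct failing accounts per source


def parse(log):
    """Yield (time, source, account, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, account, result = line.split()
            yield datetime.fromisoformat(ts), src, account.lower(), result == "OK"


def detect_stuffing(log, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    """Map each suspicious source to accounts it logged in to during a burst."""
    recent = defaultdict(deque)  # source -> events still inside the window
    hits = {}
    for ts, src, account, ok in sorted(parse(log)):
        events = recent[src]
        events.append((ts, account, ok))
        while ts - events[0][0] > window:
            events.popleft()
        failed = {a for _, a, good in events if not good}
        if len(failed) >= min_accounts:
            # Many different accounts failing from one source points to reused
            # breached credentials, not one customer mistyping a password.
            taken = {a for _, a, good in events if good}
            hits.setdefault(src, set()).update(taken)
    return {src: sorted(accounts) for src, accounts in hits.items()}


if __name__ == "__main__":
    for source, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(source, "reset and review:", accounts)
```

    Per-source counting is only one signal; attempts spread across many source addresses stay under this threshold, so it belongs alongside other checks on account activity.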

    There were 64 billion such credential stuffing attempts between July 2018 and June 2020 in the retail, hospitality and travel sectors, according to Akamai data released last week.

    Brian Higgins, security professional at Comparitech, argued that this type of fraud has become more common during the pandemic as hospitality venues implement online ordering platforms to help protect staff and customers.

    “The security of these platforms is always going to be questionable and it is absolutely vital that customers take their own security measures seriously. Never use the same password for more than one application, whether it is your bank account, your Facebook page, your Deliveroo account or anything else,” he continued.

    “If attackers, as in this case, can steal the password to one application, they will have access to them all. Password management is a pain but feeding someone else’s friends at Nando’s is worse.”