Chick-fil A investigates customer accounts hacked

Chick-fil-A, an American fast-food chain restaurant chain Chick-fil-A, is looking into “suspicious activities” that may be linked to accounts of some customers.

The company stated that they are looking into suspicious activity in customer accounts. This alert was posted on the company’s official website Friday. It was first noticed by security researcher

We are dedicated to the protection of customers’ data, and we are working fast to solve this issue.

The is located on Chickfil-A’s One Member Program Customer Support Website. It provides information to clients who may be affected. This includes details about what to do if there’s unusual activity in their accounts or mobile orders that were placed without their consent.

Customers are advised to change passwords immediately if they notice anything strange.

You should also delete any existing payment methods such as debit or credit cards from your Chickfil-A One account. To do this, go into Chickfil-A’s app and click “Manage payment options”.

what you should do if your Chick-fil A One account was used to order mobile products without your knowledge.

Chick-fil-A alert (BleepingComputer)

Online sale of Chick-Fil A accounts hacked

After receiving reports from Chick-fil A users being hacked in credential-stuffing attack, BleepingComputer sent the company an email before Christmas.

We have yet to hear back from the threat intelligence researcher, but he told BleepingComputer that hijacked accounts can be used to purchase food with widespread attacks using disposable email addresses. This tactic Chickfila customers were advised about today.

Some stolen accounts can be sold at prices up to $200 depending on their account balances, linked payment methods, and Chick-fil A One reward points balance.

Customers have reported to social networks [1, 2, 3, 4 5, 6, 6] that their accounts were hacked, and they have lost loyalty points.

Chick-fil-A accounts for sale (BleepingComputer)

Chick-Fil-A banned new account creation and prohibited disposable email addresses. Threat actors must now use legit email services to hijack accounts.

BleepingComputer reached Chick-fil A One for clarification but was unable to reach them immediately.