Security News > 2020 > October > Nando’s Hackers Feast on Customer Accounts

Credential-stuffing is accomplished by hackers who take advantage of users who often reuse the same passwords across multiple online accounts.

The cyberattackers use stolen passwords and usernames from previous data breaches to brute-force accounts on a wide scale, and when a match is found, they can take over the victim's account.

Multiple Nando's customers said their usernames and passwords were stolen and the accounts used to place high-volume orders, according to reports.

The mobile numbers were also changed on the impacted accounts.

"We can confirm that while our systems have not been hacked, unfortunately some individual Nando customer accounts have been accessed by a party or parties using a technique called credential-stuffing, whereby the customer's email address and password have been stolen from somewhere else and, if they use the same details with us, used to access their Nando's accounts," Nando's said in a press statement.

News URL

https://threatpost.com/nandos-hackers-customer-accounts/160527/