Security News > 2023 > January > Chick-fil-A investigates reports of hacked customer accounts
American fast-food restaurant chain Chick-fil-A is investigating what it described as "Suspicious activity" linked to some of its customers' accounts.
A support page on Chick-fil-A's One Membership Program customer support website provides potentially affected clients with details on what to do if they notice unusual activity on their accounts, if they see any mobile orders placed without their approval, or if they're loyalty points were used to redeem or gift rewards fraudulently.
Today's warning comes after BleepingComputer emailed the company before Christmas regarding reports that Chick-fil-A user accounts were being breached in credential-stuffing attacks.
Some of the stolen accounts are being sold for $2 to $200, depending on the account balance, linked payment method, or Chick-fil-A One points balance.
Social networks have also been flooded with customer reports saying their accounts have been hacked and emptied of loyalty points.
Chick-Fil-A has since disabled the creation of new accounts and banned the use of disposable email addresses, requiring threat actors to use legitimate email services for hijacking accounts.