BreachExchange mailing list archives
Chipotle customers stewing over payment card hack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 19 Apr 2019 04:03:37 -0500
https://www.scmagazine.com/home/retail/chipotle-customers-stewing-over-payment-card-hack/ Chipotle is receiving some negative customer reviews, but not over its food. Instead, some customers are saying on Twitter and Reddit that their payment card information has been hacked and is being used to make fraudulent purchases at the Mexican food chain. Chipotle denies a breach has taken place, although company officials did admit to monitoring possible account security issues, according to a TechCrunch story. Instead, Chipotle believes these people are victims of credential stuffing. Mounir Hahad, head of Juniper Threat Labs at Juniper Networks and Ameya Talwalkar, co-founder and CPO, Cequence so far are siding with Chipotle. Hahad noted that as long as victims are not reporting fraudulent activity outside Chipotle’s payment site, there is a very good chance this is just another credential-stuffing scenario. Usually, with groups like Magecart, the collected credit card information is recycled into underground forums for sale. It is not used to order food on the same website. “To be fully honest, the extent of the damage is probably minimal because anyone who gets food ordered though a hacked account would have to give away an address for delivery, which would put them at risk of prosecution,” he added. Customers who are primarily affected have an online Chipotle account with a stored payment card. Many people have reported being charged for orders that not only they did not place, but also were delivered to addresses in different cities. Others tweeted about having difficulty cancelling fraudulent orders, complaining that the company is not returning messages concerning refunds. However, it does appear that Chipotle staffers are contactingthose tweeting about their problems and attempting to help. SC Media has contacted Chipotle for further information. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Chipotle customers stewing over payment card hack Destry Winant (Apr 19)