SECURITY
History may be repeating for Chipotle Mexican Grill Inc. as customers claim their accounts have been hacked, with fraudulent orders charged to their credit cards.
The incident was first reported Wednesday by TechCrunch. The details of what happened are not clear, but it may have involved credential stuffing, a type of cyberattack in which previously stolen credentials are used to make purchases. Chipotle suffered a hack involving credit card-stealing malware on its retail network in April 2017.
According to threads on Reddit and Twitter, some Chipotle customers have reported that up to $300 has been charged to their credit cards for purchases from Chipotle outlets hundreds of miles from where they’re physically located.
“My account was hacked, someone ordered $42 worth of food, and used my saved credit card info to pay for it,” one customer said in a tweet to Chipotle on Twitter. “I reached out to the store and have contacted you via your website with no response. Can I get some help getting a refund?”
Chipotle has denied being hacked, saying that it was “monitoring any possible account security issues of which we’re made aware and continue to have no indication of a breach of private data of our customers.”
Stephen Cox, chief security architect of SecureAuth Corp., explained to SiliconANGLE that credential stuffing is the process of acquiring a cache of previously stolen credentials and using them, often in an automated fashion, to gain unauthorized access to a resource.
“It is a popular technique for attackers looking to break into both consumer and enterprise accounts because people often reuse passwords across multiple accounts,” Cox said. “This swell of consumer account breaches is unfortunately common today and is evidence that our continued reliance on passwords is not sustainable and ultimately fails users. Decades of experience shows us that the password is an archaic method of authentication, often not under the control of the user, and simply isn’t enough to satisfy today’s threat landscape.”
The reality, he added, is that people will continue to reuse passwords across multiple resources, allowing stolen credentials to be used as they apparently have been to defraud Chipotle customers.