Chipotle: American chain of fast casual restaurants
Risk to Small Business: Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly onto Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and it has yet to roll out two-factor authentication for its customers.
Individual Risk: Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to break into new accounts. Chipotle account holders should enroll in identity monitoring solutions and reset their passwords to protect their information going forward.
Customers Impacted: To be determined
How it Could Affect Your Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.
In Other News:
A new study reveals data exposure from hotel reservations
Symantec’s recent report on the security vulnerabilities of hotel websites found that the majority of them are leaking customer data.
The study was exhaustive, including 1,500 hotels in 54 countries and running the gamut from low-cost to high-end hotels. However, no single solution was presented for the issue. Instead, different companies faced unique vulnerabilities in their systems and processes.
For instance, most hotels send guests a link to manage their reservation, but some hotels fail to encrypt this data, making it easily accessible to hackers and others. At the same time, hotels collaborating with discount sites and advertisers are making guest data available to these third-party partners, extending the exposure.
Moreover, the company found that hotels are uniquely susceptible to brute force attacks, a vulnerability that could allow bad actors to target specific individuals, including CEOs, celebrities, or conference attendees.
Coming on the heels of the Marriott breach that revealed the information of 500 million guests, this report is a reminder to the industry that it needs to be particularly aware of its security vulnerabilities and to take steps to protect customer information. Software solutions like BullPhish ID can mitigate many of these issues at the root by helping you gain a thorough understanding of your company’s unique cybersecurity needs.