Chick-fi-A says it’s actively investigating reports of fraud hitting some of its Chick-fil-A One® member accounts.
The company emphasized that no internal servers have been compromised and that it’s committed to protecting its customers.
“Chick-fil-A is aware of suspicious activity on some of our customers’ Chick-fil-A One® accounts,” the company explained in a tweet. “While we are still investigating what happened and how certain customers became subject to this fraudulent activity, this is not due to a compromise of Chick-fil-A Inc.’s internal systems. Chick-fil-A is committed to protecting our customers’ data and we are working quickly to resolve the issue. “
According to BleepingComputer, stolen loyalty member accounts were put up for sale online before Christmas, with prices ranging from $2 to $200, depending on the account balances.
Since then, dozens of internet users have confirmed that their accounts were compromised on social media platforms, including Reddit.
“Any idea how to get my account back? The email and password must of been changed,” one user said. “I can’t ‘reset password’ when I type my email in because (I’m assuming) they changed it.”
This could mean that Chick-fil-A account members were victims of a successful credential-stuffing attack that locked them out of their accounts and drained their loyalty points.
To report suspicious activity, users can dial the dedicated number 1-866-232-2040 and contact the fast-food restaurant chain online.
Steps customers can take to secure their accounts if they suspect misuse:
Need help securing your digital identity and preventing fraud on your online accounts? We’ve got you covered!
Bitdefender Ultimate Security (US only) plans include award-winning anti-malware and anti-ransomware protection alongside handy tools and services to help you navigate the digital realm securely, including:
Non-US internet users can opt for Bitdefender’s Digital Identity Protection service that continuously monitors your personal information, alerting you in real-time to data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation.