This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
04/26/2019
The Chipotle Hack And The Troubling Trend Of Credential Stuffing
PYMNTS.com
The news out of Chipotle feels a bit like déjà vu, as it’s a story we’ve all heard before. Reports have appeared all over social media, particularly via Reddit and Twitter, about Chipotle user accounts being pirated, with hundreds of dollars’ worth of food ordered to customer cards that those customers never saw. In many cases, according to reports, the delivery addresses on the fraudulent orders were to states different from the home addresses on the accounts.
There is a bit of a twist in this often-told tale of breached consumer data: Chipotle maintains that the company itself has not been breached. Consumers often repeat passwords across sites, the firm noted, and fraudsters use a technique known as credential stuffing — wherein they’ve taken email addresses and passwords gleaned in other attacks, and used them to brute force their way into customers’ Chipotle accounts.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information