Click For Photo: https://techcrunch.com/wp-content/uploads/2019/04/GettyImages-1005309346.jpg?w=600
A stream of Chipotle customers have said their accounts have been hacked and are reporting fraudulent orders charged to their credit cards — sometimes totaling hundreds of dollars.
Customers have posted on several Reddit threads complaining of account breaches and many more have tweeted at @ChipotleTweets
to alert the fast food giant of the problem. In most cases, orders were put through under a victim’s account and delivered to addresses often not even in the victim’s state.
Customers - TechCrunch - Days - Account - Password
Many of the customers TechCrunch spoke to in the past two days said they used their Chipotle account password on other sites. Chipotle spokesperson Laurie Schalow told TechCrunch that credential stuffing was to blame. Hackers take lists of usernames and passwords from other breached sites and brute-force their way into other accounts.
But several customers we spoke to said their password was unique to Chipotle. Another customer said they didn’t have an account but ordered through Chipotle’s guest checkout option.
Chipotle - Schalow - Company - Account - Security
When we asked Chipotle about this, Schalow said the company is “monitoring any possible account security issues of which we’re made aware and continue to have no indication of a breach of private data of...
Wake Up To Breaking News!