Some of Nando’s customers have become victims of a cyberattack in which attackers hacked their online accounts and placed large orders that cost them hundreds of pounds.
According to reports in UK media, several customers of the popular restaurant chain have had their accounts, including usernames and passwords, compromised.
Customers are required to scan a QR code in store with their phone and order their food online due to Covid-19 restrictions. This has made it easy for attackers to try login details previously breached from other sites against Nando’s accounts, which works when victims have reused the same login details.
In one reported case, a group of young people fraudulently placed two large orders in-store after trying and failing several times to use hijacked accounts.
Nando’s apologized and promised to reimburse any customers who have been scammed in this way. The company also gave assurances that it would be more vigilant in detecting fraudulent account activity.
The restaurant chain confirmed that its own system has not been hacked and that some of its customers were victims of credential stuffing, in which a customer’s email address and password, stolen from another site and reused for a Nando’s account, are used to access that account.
The only way to prevent a credential-stuffing attack is to not reuse the same password across different sites. Always make it a practice to use unique login credentials for every account.
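On the service side, the pattern described above (one source failing logins against several accounts, then getting into one) can be spotted in login logs. The following is an added example, not code from Nando’s or from the original article; the log format, the 10-minute window and the three-account threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, account, outcome).
# IPs come from documentation ranges; accounts are made up.
SAMPLE_EVENTS = [
    ("2020-10-01T18:00:01", "203.0.113.7", "alice@example.com", "fail"),
    ("2020-10-01T18:00:03", "203.0.113.7", "bob@example.com", "fail"),
    ("2020-10-01T18:00:05", "203.0.113.7", "carol@example.com", "fail"),
    ("2020-10-01T18:00:08", "203.0.113.7", "dave@example.com", "success"),
    # A single user mistyping a password, then logging in: not stuffing.
    ("2020-10-01T18:01:00", "198.51.100.20", "erin@example.com", "fail"),
    ("2020-10-01T18:01:30", "198.51.100.20", "erin@example.com", "success"),
    # Same source much later, outside the window of its earlier failures.
    ("2020-10-01T19:30:00", "203.0.113.7", "frank@example.com", "success"),
]


def find_stuffing(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {source_ip: [accounts to review]}.

    A source is suspicious when it has failed logins against at least
    `min_accounts` distinct accounts within `window`. Any account it then
    logs in to successfully is listed for review (password reset, order hold).
    """
    recent_fails = defaultdict(list)  # ip -> [(time, account)]
    flagged = defaultdict(list)
    for ts, ip, account, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        # Keep only failures still inside the sliding window.
        recent_fails[ip] = [(t, a) for t, a in recent_fails[ip]
                            if now - t <= window]
        if outcome == "fail":
            recent_fails[ip].append((now, account))
        elif len({a for _, a in recent_fails[ip]}) >= min_accounts:
            flagged[ip].append(account)
    return dict(flagged)


if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_EVENTS).items():
        print(f"{ip}: review {', '.join(accounts)}")
```

Counting distinct accounts per source, rather than total failures, is what separates stuffing from one user repeatedly mistyping a password.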