Chipotle customers are facing cyber attack, said their accounts have been hacked

Chipotle customers are complaining that their accounts have been hacked. They reported that food is being ordered by the hackers using their credit card details; sometimes the total bill is even up to hundreds of dollars.

Customers posted on their Reddit and Twitter accounts complaining about the security breach. They alerted the fast food company of the issue by tweeting at @ChipotleTweets. Although the food was ordered using customers’ accounts, in most of the cases, the delivery address was not theirs. Customers also informed that they used their Chipotle account password on other websites.

Laurie Schalow, a spokesperson from Chipotle said that credential stuffing is responsible for this. However, few customers said that their passwords were unique to Chipotle. Few other customers had ordered through Chipotle’s guest checkout option, as they didn’t have a registered account.

Schalow informed TechCrunch, “the company is monitoring any possible account security issues of which we’re made aware and continue to have no indication of a breach of private data of our customers.”If credential stuffing is responsible for the account breaches, as stated by the company,an automated login process can be prevented by rolling out two-factor authentication. However, when Chipotle was asked about its plans to add two-factor authentication, the spokesperson refrained from commenting, stating that the company doesn’t discuss its security strategies.

The case seems similar to the DoorDash’s security breach that happened last year.