Jason's Deli Accounts Compromised by Credential Stuffing

Published: 23/11/2024   Category: security




Deli Dollars loyalty accounts hit with stolen credentials from the Dark Web, potentially exposing the personal data of more than 340,000 customers.



Texas-based soup and sandwich slinger Jason's Deli is alerting members of its Deli Dollars rewards program that their personal data was potentially exposed in a credential-stuffing attack.
The accounts were compromised with genuine logins gathered from the Dark Web from previous breaches of other systems, according to Jason's Deli's filing with the Maine Attorney General's office, potentially impacting more than 344,000 customers.
The customer notification read in part, "On December 21, 2023, we learned that an unauthorized party had obtained an unknown number of Deli Dollar and online account login credentials (usernames and passwords) most likely from other data breaches or other sources not involving Jason's Deli. These unauthorized parties apparently used these login credentials to determine if they matched those of our reward and online accounts."
As a result, the threat actors were able to compromise Deli Dollars accounts and access associated details, including names, addresses, phone numbers, birth dates, preferred store location, order history, contacts for group orders, house account numbers, Deli Dollars points, and available rewards, as well as partial credit and payment card numbers, according to the notice Jason's Deli is sending out to customers.
The restaurant chain is encouraging its Deli Dollars members to update their login credentials, especially if they're using the same username and password for other accounts.
This breach highlights the folly of reusing passwords across accounts, and the need for multifactor authentication (MFA), password managers, and implementation of secure and effective access management, according to Joseph Carson, chief security scientist and advisory CISO with Delinea.
"For businesses and services that provide online accounts, it is a reminder that when you allow users to choose their own passwords and store sensitive data on your systems and do not enforce strong passwords best practices ... it will result in users' accounts eventually being compromised," Carson explained.
Carson added he's noticed an uptick in successful credential-stuffing attacks.
Lionel Litty, chief security architect at Menlo Security, also favors some sort of MFA tool.
"While MFA is crucial for password reuse and credential stuffing, not all MFA solutions offer equal protection," Litty said. "To truly get the full value from MFA and ensure comprehensive protection, organizations must invest in phishing-resistant MFA. By doing so, they not only mitigate the risks associated with password compromise but also elevate their overall cybersecurity posture."
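The login pattern the customer notification describes, credentials from other breaches tried against reward accounts, typically shows up in authentication logs as one source attempting many distinct usernames with few successes. The following is an added example, not code from Jason's Deli or from the article; the log format, the thresholds and every sample value are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2023-12-21T03:00:01 203.0.113.7 alice@example.com FAIL
2023-12-21T03:00:03 203.0.113.7 bob@example.com FAIL
2023-12-21T03:00:05 203.0.113.7 carol@example.com FAIL
2023-12-21T03:00:08 203.0.113.7 dana@example.com OK
2023-12-21T03:00:10 203.0.113.7 erin@example.com FAIL
2023-12-21T03:00:12 203.0.113.7 frank@example.com FAIL
2023-12-21T03:01:00 198.51.100.20 gina@example.com FAIL
2023-12-21T03:01:20 198.51.100.20 gina@example.com OK
"""

# Assumed thresholds; tune against your own traffic baseline.
WINDOW = timedelta(minutes=10)
MIN_ACCOUNTS = 5          # distinct usernames from one source inside WINDOW
MAX_SUCCESS_RATIO = 0.3   # stuffing runs mostly fail; normal users mostly succeed

def parse(log):
    """Yield (time, ip, username, success) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower(), parts[3] == "OK"

def detect_stuffing(log):
    """Return {source_ip: accounts that logged in successfully during a flagged window}."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = events[start:end + 1]
            users = {user for _, _, user, _ in window}
            successes = {user for _, _, user, ok in window if ok}
            ok_ratio = sum(ok for *_, ok in window) / len(window)
            if len(users) >= MIN_ACCOUNTS and ok_ratio <= MAX_SUCCESS_RATIO:
                findings.setdefault(ip, set()).update(successes)
    return findings

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(ip, "-> force password reset for:", sorted(accounts))
```

The accounts returned for a flagged source are the ones whose reused password matched, so they are the candidates for a forced reset and session revocation.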
Sandwiches are proving to be satisfying for bad actors. Just last week, fellow fast-casual sandwich chain Subway was the victim of a LockBit 3.0 ransomware cyberattack. The infamous ransomware group claimed it stole hundreds of gigabytes of financial data, including employee salaries, as well as royalty and commission payments.
