Exploit: Credential Stuffing
Nando’s Peri-Peri – Restaurant Chain
Risk to Small Business: 2.775 = Moderate
A credential stuffing incident gave customers of this popular high street restaurant chain a little more than they bargained for after several customers discovered that huge orders had been placed using their online accounts. To comply with COVID-19 operating regulations, Nando’s customers who are getting takeout are required to scan a QR code with their phone to order their food online, which opened up a vulnerability that cybercriminals were more than happy to exploit.
Individual Risk: 2.802 = Moderate
Some customers have had their accounts hijacked and large food orders placed, but the company is working with them to restore any funds snatched from pre-paid carryout orders while encouraging customers to reset their account credentials if they suspect that they may have been impacted.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a favorite of cybercriminals because it’s easy and cheap. Huge repositories of passwords in Dark Web data dumps give them plenty of ammunition and produce results with little investment.