United States – Chipotle
https://techcrunch.com/2019/04/17/chipotle-accounts-hacked/
Exploit: Credential Stuffing
Chipotle: American chain of fast casual restaurants
Risk to Small Business: 1.888 = Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly on Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and they have yet to roll out two-factor authentication for their customers
Individual Risk: 2.571 = Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to breach new accounts. Chipotle account holders should enlist in identity monitoring solutions and reset their passwords to protect their information going forward.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
