Restaurants and food delivery services at risk of credential stuffing attacks, as warned by the FBI

August 23, 2021
Restaurants food delivery services credential stuffing cyberattack FBI

Several attacks using the credential stuffing scheme have been reported to emerge recently by the FBI, as threat actors aimed to hijack victims’ grocery store, food delivery, and online restaurant accounts to be able to steal their sensitive financial information. This warning was sent towards the US food and agricultural firms by the Cyber Division of FBI Private Industry Notification. 

Just as credential stuffing cyber-attack technically works, the hackers attempt to gain unauthorized access or intrude into the victim’s user accounts using their reused passwords across many online accounts, specifically with their grocery and food delivery accounts as per this issue. This attack is carried out through proxy botnets and automated tools.  

Given that billions of sensitive credentials have been compromised in history all through the web, the credential stuffing cyber-attack technique has become more common inside the hacking industry. In addition to this, many restaurants, food deliveries, and grocery marketplaces have been conducting promotions such as reward points amongst their clients that hackers have tended to take for granted and see as a vulnerability and an opportunity to hijack. 


Domino’s Pizza got attacked by cyber hackers 

Since the July of 2020, the FBI has been receiving a lot of reports concerning cyber-attacks through credential stuffing. 

One of these incidents has happened last April 2021, wherein Domino’s Pizza in India had been attacked by hackers. As stated by reports, over one million customers of the said restaurant who have entered their credit card credentials to order their food have been exposed to cybercriminals. These hackers sell the stolen data through the dark web. The said motive of hackers upon this attack is to mainly sell all the stolen information. Domino’s Pizza is one of the big shot restaurants in over 200 cities in India, with a network of more than 1,000 restaurants. 

This progression of cyber-attacks happening towards restaurants and food delivery services worldwide were reported to grow since the beginning of the Covid19 pandemic last year of 2020, as per individual reports of research firms. These foodservice owners are said to be completely oblivious of being hijacked, as reported by the FBI, up until they start to receive customer complaints about suspicious activities that happen with their online user accounts. 

Furthermore, the FBI heightens its warnings and advice against foodservice owners to be more aware of the types of cybercrime incidents such as cyber stuffing and increase their online security defences. 

About the author

Leave a Reply