Customers of fast food chain Chipotle are reported by TechCrunch to have had their accounts hacked. The says it believes credential stuffing might be the cause, but some customers have said their passwords are unique to the Chipotle account, and others note that they don’t have accounts and used Chipotle’s guest checkout.  

Ameya Talwalkar, Co-founder and CPO at Cequence:

- Ameya Talwalkar Stealth Security lg 257x300 - Chipotle Breach – Cequence Expert Comments“Without fully understanding all of the details of the , organizations like Chipotle are faced with the following . On the dark web, attackers have a rich repository of user credentials, automation tools and compromised computing resources. With those three elements in hand, they will use automation to takeover a user account, and then either resell it on the dark web or as was the case in this , use it for their own benefit.

“To prevent these types of attacks, organizations have deployed Early, 1st generation credential stuffing/bot mitigation solutions that either require application instrumentation or ongoing SDK updates for each of the web, mobile and API-based application entry points. If each of the new or updates require instrumentation, or an update to the SDK in order to be protected, then one of two things may happen. is bypassed or the project is delayed. Neither of which is acceptable to the business. Ideally, as organizations move towards cloud-native application development methodologies, becomes part of the workflow, seamlessly and intelligently protecting public facing as they are deployed, or updated.” 

 

 



Source link
Based Blockchain Network

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here