Customers of fast food chain Chipotle are reported by TechCrunch to have had their accounts hacked. The company says it believes credential stuffing might be the cause, but some customers have said their passwords are unique to the Chipotle account, and others note that they don’t have accounts and used Chipotle’s guest checkout.
Ameya Talwalkar, Co-founder and CPO at Cequence:
“To prevent these types of attacks, organizations have deployed early, 1st generation credential stuffing/bot mitigation solutions that either require application instrumentation or ongoing SDK updates for each of the web, mobile and API-based application entry points. If each of the new apps or updates requires instrumentation, or an update to the SDK in order to be protected, then one of two things may happen. Security is bypassed or the project is delayed. Neither of which is acceptable to the business. Ideally, as organizations move towards cloud-native application development methodologies, security becomes part of the workflow, seamlessly and intelligently protecting public-facing apps as they are deployed, or updated.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.