Experts On News: Cyber Attack On Nando’s Customers

Nando’s customers say they’ve been left hundreds of pounds out of pocket after falling victim to a cyber-attack. Fans of the popular restaurant chain say their accounts – including usernames and passwords – have been compromised and used to place incredibly high orders. Single mum-of-three Sandy Warden said her daughter, Mia, lost £114.50 after her account was accessed by criminals. The 18-year-old from Hertfordshire said she used her bank details a week before to place an order online via a QR code in her local branch. Mia was at home on September 21 when she received an email from Nando’s claiming she’d placed an order. “It said she’d placed a huge order at the Kensington High Street branch,” Sandy told Mirror Money.

More information: https://www.mirror.co.uk/money/i-lost-114-nandos-admits-22894076

Experts Comments

October 26, 2020
Brian Higgins
Security Specialist
Comparitech.com
This type of fraud is becoming far more common during the various stages of lockdown across the country. As it is mostly mandatory to check in to venues etc. for Track and Trace purposes, the majority have implemented in-house online ordering platforms in tandem to avoid as much live contact time as possible with their customers. The security of these platforms is always going to be questionable and it is absolutely vital that customers take their own security measures seriously. Never use the.....Read More
This type of fraud is becoming far more common during the various stages of lockdown across the country. As it is mostly mandatory to check in to venues etc. for Track and Trace purposes, the majority have implemented in-house online ordering platforms in tandem to avoid as much live contact time as possible with their customers. The security of these platforms is always going to be questionable and it is absolutely vital that customers take their own security measures seriously. Never use the same password for more than one application, whether it’s your bank account, your Facebook page, your Deliveroo account or anything else. If attackers, as in this case, can steal the password to one app, they will have access to them all. Password management is a pain but feeding someone else’s friends at Nando’s is worse. I would always advise using a pre-paid card for any online transactions as they can be loaded with sufficient funds to make a purchase but are not linked to your bank account.  Read Less
October 26, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
The Nando's "breach" appears to be a case of customers reusing passwords on multiple sites. The bad actors grab a victim's login and password from another data breach, and then try the login info on other websites until they have a winner. I cannot stress enough the need for online users to avoid using the same password on multiple websites. Sure, it's tough to remember a thousand passwords, but that is also why I suggest using 1Password, LastPass, or many other handy password manager.....Read More
The Nando's "breach" appears to be a case of customers reusing passwords on multiple sites. The bad actors grab a victim's login and password from another data breach, and then try the login info on other websites until they have a winner. I cannot stress enough the need for online users to avoid using the same password on multiple websites. Sure, it's tough to remember a thousand passwords, but that is also why I suggest using 1Password, LastPass, or many other handy password manager services. These services can create secure passwords on the fly and then store them in an encrypted database that is accessible via a single password. By using a password manager, users can conveniently ensure that they won't be reusing passwords.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.