Nando’s customers say they’ve been left hundreds of pounds out of pocket after falling victim to a cyber-attack. Fans of the popular restaurant chain say their accounts – including usernames and passwords – have been compromised and used to place incredibly high orders. Single mum-of-three Sandy Warden said her daughter, Mia, lost £114.50 after her account was accessed by criminals. The 18-year-old from Hertfordshire said she used her bank details a week before to place an order online via a QR code in her local branch. Mia was at home on September 21 when she received an email from Nando’s claiming she’d placed an order. “It said she’d placed a huge order at the Kensington High Street branch,” Sandy told Mirror Money.
More information: https://www.
This type of fraud is becoming far more common during the various stages of lockdown across the country. As it is mostly mandatory to check in to venues etc. for Track and Trace purposes, the majority have implemented in-house online ordering platforms in tandem to avoid as much live contact time as possible with their customers. The security of these platforms is always going to be questionable and it is absolutely vital that customers take their own security measures seriously. Never use the same password for more than one application, whether it’s your bank account, your Facebook page, your Deliveroo account or anything else. If attackers, as in this case, can steal the password to one app, they will have access to them all. Password management is a pain but feeding someone else’s friends at Nando’s is worse. I would always advise using a pre-paid card for any online transactions as they can be loaded with sufficient funds to make a purchase but are not linked to your bank account.
The Nando\’s \”breach\” appears to be a case of customers reusing passwords on multiple sites. The bad actors grab a victim\’s login and password from another data breach, and then try the login info on other websites until they have a winner.
I cannot stress enough the need for online users to avoid using the same password on multiple websites. Sure, it\’s tough to remember a thousand passwords, but that is also why I suggest using 1Password, LastPass, or many other handy password manager services. These services can create secure passwords on the fly and then store them in an encrypted database that is accessible via a single password. By using a password manager, users can conveniently ensure that they won\’t be reusing passwords.