Experts On News: Cyber Attack On Nando’s Customers

By ISBuzz Team
Writer, Information Security Buzz | Oct 26, 2020 03:39 am PST

Nando’s customers say they’ve been left hundreds of pounds out of pocket after falling victim to a cyber-attack. Fans of the popular restaurant chain say their accounts – including usernames and passwords – have been compromised and used to place incredibly high orders. Single mum-of-three Sandy Warden said her daughter, Mia, lost £114.50 after her account was accessed by criminals. The 18-year-old from Hertfordshire said she used her bank details a week before to place an order online via a QR code in her local branch. Mia was at home on September 21 when she received an email from Nando’s claiming she’d placed an order. “It said she’d placed a huge order at the Kensington High Street branch,” Sandy told Mirror Money.

2 Expert Comments
Brian Higgins, Security Specialist
October 26, 2020 11:38 am

This type of fraud is becoming far more common during the various stages of lockdown across the country. As it is mostly mandatory to check in to venues etc. for Track and Trace purposes, the majority have implemented in-house online ordering platforms in tandem to avoid as much live contact time as possible with their customers. The security of these platforms is always going to be questionable and it is absolutely vital that customers take their own security measures seriously. Never use the same password for more than one application, whether it’s your bank account, your Facebook page, your Deliveroo account or anything else. If attackers, as in this case, can steal the password to one app, they will have access to them all. Password management is a pain but feeding someone else’s friends at Nando’s is worse. I would always advise using a pre-paid card for any online transactions as they can be loaded with sufficient funds to make a purchase but are not linked to your bank account.

Chris Hauk, Consumer Privacy Champion
October 26, 2020 11:36 am

The Nando’s “breach” appears to be a case of customers reusing passwords on multiple sites. The bad actors grab a victim’s login and password from another data breach, and then try the login info on other websites until they have a winner.

I cannot stress enough the need for online users to avoid using the same password on multiple websites. Sure, it’s tough to remember a thousand passwords, but that is also why I suggest using 1Password, LastPass, or many other handy password manager services. These services can create secure passwords on the fly and then store them in an encrypted database that is accessible via a single password. By using a password manager, users can conveniently ensure that they won’t be reusing passwords.
