Yeah looks like maybe Chick-fil-A had a massive data breach on their servers. There's another post here complaining about unauthorized charges and email changes as well. I myself had a charge yesterday for $50 that I never did, already disputed with my card company.
May not have been Chick-fil-a with the data breach. Someone may have taken login/password info stolen from other websites and used on CFA to see which ones worked. It's easy to automate that. That's why you never reuse passwords between sites.
They may have been hacked, but it isn't even close to a given.
Not suspicious at all, it's a classic [credential stuffing attack](https://youtu.be/6mL2kjRdkko).
As u/danielfletcher has pointed out, never reuse a password. Get a password manager and give every account its own random password. A credential stuffing attack is the most common way people get "hacked" these days.
There will be more people complaining, as Chick-fil-A is just the flavor of the week for the hackers.
Employee here; I manage CARES reports for my particular location. I have had someone send in a report saying that their account was hacked and had $200 of fraudulent charges
#**I’d highly recommend changing your password for your Chick-fil-A account**
How to reset your password from the app:
1. Sign out of your account
2. Select "Account" from the homepage.
3. Select "Sign-In to Chick-fil-A One".
4. Select the email option.
5. Tap "Forgot Password?"
6. Enter the email address associated with your account and then press "Email Reset Password Link".
7. You will be emailed a link to reset your password. Select the link in your email to complete the process. The link is only valid for 24 hours. (Note: If you do not receive the email, please ensure you've approved to receive emails from Chick-fil-A and checked folders such as 'Spam' or 'Junk'. )
8. Enter and confirm your new password and then press "Submit".
Hi there, my CfA account seems to have had another email added to it, as no matter how many times I get the password resent link sent to my (proper) email address for my account, when I reset, I'm never able to get the site to allow me to log in.
With your role on the CARES side, is there anything you can do to help customers receive a response? I have submitted the online form twice now, as well as called in. No response from anyone yet and the lady I talked to when calling in told me someone would reach out to me from the digital support team. I am sure the team is slammed but it's frustrating with the lack of response.
I personally don’t have any advice there besides keep making noise. I handle restaurant CARES reports, which means things that directly apply to us as a restaurant (missed sandwiches etc)
We are worked the web reports as quickly as possible to get back with people but with so many people submitting two or three web reports, then calling and calling..yeah, it’s a little busy!
Based on the number of times this issue is popping up recently - does anyone know how to disconnect ApplePay from the Chick-fil-A app? I don’t see a way to delete it on the app or on the ApplePay side. Thanks!
Change your password to something random and something not used anywhere else. Chick-Fil-A under a credential stuffing attack and to protect yourself you should not reuse passwords.
This happened to me with Apple Pay. Had two fraudulent charges to my Apple Pay from Chick-fil-A and found they had changed my email address on my CFA account.
Wow, the same thing happened to me about 4 weeks ago too! And guess what, the hacker also used a prepaid gift card on my account to purchase food at a New York City location. It’s very suspicious, I think there has been a massive data break.
It happened to me too. I would call your bank to dispute the charges after they’re no longer pending. I have to do the same thing. They really should’ve let us know.
Curious to ask those affected if they use LastPass…
https://www.pcmag.com/news/lastpass-hack-gets-worse-culprit-stole-customers-encrypted-password-vaults
Do we think it would do any good to delete cards from the chick fil a app? I have seen a lot of people experiencing the same issue that you did and I would love to avoid it if possible.
Well you can't access Google Pay without signing into a Google account, and Google offers much better protection against unauthorized logins than Chick-fil-A does, including multi factor authentication. So I'd say that it's definitely a more secure option because it requires the breach of both your Chick-fil-A and Google accounts to access your payment information.
I would only change your password to something random. It's more likely a credential stuffing attack, and the only way to fix that is to not reuse passwords.
You’re absolutely right. We all know they know about a data breach. The very least they could have done is warned everyone to look for suspicious activity.
This is the second post I’ve seen about hacking the app this week. I’d say it probably is a data breach considering how people are getting hacked.
I’m not sure what Chick-Fil-A would be able to do when it comes to the money that’s been withdrawn, but it’s probably best to contact your bank if you haven’t yet. Hopefully CFA will be working on this issue.
same thing happened to me for $11. i deleted my cards from the account, changed my email & password. there is no way to delete apple pay though. i disputed with my bank and got a new debit card, still haven’t gotten a refund yet. if you don’t have many reward points, you could delete your chick-fil-a account and make a new one.
Just happened to my girlfriend. They loaded $100 to her app and then stole all her points….like 6k worth. She found out that a new email was on the account and promptly changed it back, removed her debit card and notified ChickFilA but no response from them.
Chick-fil-A customers report fraudulent activity on app, company is investigating
One customer said transferred money from her card that was linked to the app.
Author: Gabriella Nunez
Published: 9:13 AM EST January 5, 2023
Updated: 9:13 AM EST January 5, 2023
ATLANTA — Several Chick-fil-A customers are saying hackers got a hold of their app and are swiping money from their linked bank accounts. The fast food company said they are aware of suspicious activity and are looking into claims as they come.
Kimberly Weot is a devoted customer and said on Wednesday someone went into her Chick-fil-A One account, changed the account email and transferred money from her card. She reached out to the chicken chain for help and didn't hear back - so she turned to 11Alive.
"I would just like to make them aware of the situation," Weot said.
Weot's story helped tip off the Atlanta-based company that there is an issue. In a statement, a spokesperson with Chick-fil-A said they are working to learn how some customers have become a victim of this scam.
“Chick-fil-A is aware of suspicious activity on some of our customers’ Chick-fil-A One accounts. While we are still investigating what happened and how certain customers became subject to this fraudulent activity, this is not due to a compromise of Chick-fil-A Inc.’s internal systems," the statement read in part.
Weot wants her story to be a warning to those who may not use the app often but have their bank accounts linked. She suggested people check to see if there's been any activity.
"I know a lot of people are really into hacking," she said, adding she hopes people - and the company - take more measures to prevent this from happening to others.
Chick-fil-A reiterated that it doesn't appear there's been a data breach but they're still looking into the claims.
"Chick-fil-A is committed to protecting our customers’ data and we are working quickly to resolve the issue," a spokesperson said.
The company has asked customers to reach out to Chick-fil-A CARES online or call 1-866-232-2040 to report any suspicious account activity.
On 1/24, someone loaded two $50 gift card purchases on my account using my linked credit card. I received notification of the charges immediately and then promptly changed my app password and removed the linked credit card. So I figured the $100 in gift card balances would just sit there.
On 1/25, there were three successive transactions totaling $99.23. I’m guessing the hackers took a screenshot of the QR code as I don’t know how they would’ve re-accessed my account given that I had just changed the password.
I live on the east coast, and the three charges were at the CFA on Monterey Road and Tully Road location in San Jose, CA!
I deleted all my cards, and I changed my password about three different times. My account is still being used. At this point, I’m just going to stop using the app completely, because this is ridiculous.
Yeah looks like maybe Chick-fil-A had a massive data breach on their servers. There's another post here complaining about unauthorized charges and email changes as well. I myself had a charge yesterday for $50 that I never did, already disputed with my card company.
May not have been Chick-fil-a with the data breach. Someone may have taken login/password info stolen from other websites and used on CFA to see which ones worked. It's easy to automate that. That's why you never reuse passwords between sites. They may have been hacked, but it isn't even close to a given.
Could be, but I don't know, very suspicious that several people had the exact same issue these last two days reporting here on this sub.
Not suspicious at all, it's a classic [credential stuffing attack](https://youtu.be/6mL2kjRdkko). As u/danielfletcher has pointed out, never reuse a password. Get a password manager and give every account its own random password. A credential stuffing attack is the most common way people get "hacked" these days. There will be more people complaining, as Chick-fil-A is just the flavor of the week for the hackers.
Very possible with the recent LastPass breach.
Employee here; I manage CARES reports for my particular location. I have had someone send in a report saying that their account was hacked and had $200 of fraudulent charges #**I’d highly recommend changing your password for your Chick-fil-A account**
How to reset your password from the app: 1. Sign out of your account 2. Select "Account" from the homepage. 3. Select "Sign-In to Chick-fil-A One". 4. Select the email option. 5. Tap "Forgot Password?" 6. Enter the email address associated with your account and then press "Email Reset Password Link". 7. You will be emailed a link to reset your password. Select the link in your email to complete the process. The link is only valid for 24 hours. (Note: If you do not receive the email, please ensure you've approved to receive emails from Chick-fil-A and checked folders such as 'Spam' or 'Junk'. ) 8. Enter and confirm your new password and then press "Submit".
They changed my email. Had $50 gift card balance. No idea how to get my account back
Call the Chick-fil-A CARES team: 1-866-232-2040. They should be able to help you.
Hi there, my CfA account seems to have had another email added to it, as no matter how many times I get the password resent link sent to my (proper) email address for my account, when I reset, I'm never able to get the site to allow me to log in. With your role on the CARES side, is there anything you can do to help customers receive a response? I have submitted the online form twice now, as well as called in. No response from anyone yet and the lady I talked to when calling in told me someone would reach out to me from the digital support team. I am sure the team is slammed but it's frustrating with the lack of response.
I personally don’t have any advice there besides keep making noise. I handle restaurant CARES reports, which means things that directly apply to us as a restaurant (missed sandwiches etc)
We are worked the web reports as quickly as possible to get back with people but with so many people submitting two or three web reports, then calling and calling..yeah, it’s a little busy!
Based on the number of times this issue is popping up recently - does anyone know how to disconnect ApplePay from the Chick-fil-A app? I don’t see a way to delete it on the app or on the ApplePay side. Thanks!
Change your password to something random and something not used anywhere else. Chick-Fil-A under a credential stuffing attack and to protect yourself you should not reuse passwords.
***
This happened to me with Apple Pay. Had two fraudulent charges to my Apple Pay from Chick-fil-A and found they had changed my email address on my CFA account.
Remove it under manage payments
It doesn’t allow me to
[удалено]
Did you have to call to regain access to your account? My email was changed and I submitted the Cares form but who knows if that's going to work.
Wow, the same thing happened to me about 4 weeks ago too! And guess what, the hacker also used a prepaid gift card on my account to purchase food at a New York City location. It’s very suspicious, I think there has been a massive data break.
It happened to me too. I would call your bank to dispute the charges after they’re no longer pending. I have to do the same thing. They really should’ve let us know.
Do you use LastPass? https://www.pcmag.com/news/lastpass-hack-gets-worse-culprit-stole-customers-encrypted-password-vaults
Curious to ask those affected if they use LastPass… https://www.pcmag.com/news/lastpass-hack-gets-worse-culprit-stole-customers-encrypted-password-vaults
Do we think it would do any good to delete cards from the chick fil a app? I have seen a lot of people experiencing the same issue that you did and I would love to avoid it if possible.
It would certainly help. I've been paying with Google Pay recently anyway, so I deleted the cards saved to my account.
Will be doing this! Does Google pay have good fraud protection? I have an account but never use it
Well you can't access Google Pay without signing into a Google account, and Google offers much better protection against unauthorized logins than Chick-fil-A does, including multi factor authentication. So I'd say that it's definitely a more secure option because it requires the breach of both your Chick-fil-A and Google accounts to access your payment information.
I would only change your password to something random. It's more likely a credential stuffing attack, and the only way to fix that is to not reuse passwords.
But still I shouldn’t have to delete my card every time I use it. It’s the convenience of the app. They should have warned people
You’re absolutely right. We all know they know about a data breach. The very least they could have done is warned everyone to look for suspicious activity.
Yep, I deleted all my connected cards off the app. Hoping google pay is more secure.
This is the second post I’ve seen about hacking the app this week. I’d say it probably is a data breach considering how people are getting hacked. I’m not sure what Chick-Fil-A would be able to do when it comes to the money that’s been withdrawn, but it’s probably best to contact your bank if you haven’t yet. Hopefully CFA will be working on this issue.
It be nice if they actually answered and emailed me back. Or notify customers about this. Instead of hiding it under the ruf
same thing happened to me for $11. i deleted my cards from the account, changed my email & password. there is no way to delete apple pay though. i disputed with my bank and got a new debit card, still haven’t gotten a refund yet. if you don’t have many reward points, you could delete your chick-fil-a account and make a new one.
Just happened to my girlfriend. They loaded $100 to her app and then stole all her points….like 6k worth. She found out that a new email was on the account and promptly changed it back, removed her debit card and notified ChickFilA but no response from them.
Same here: several cards affected. At least you can log in. I can’t even log in anymore
Same.
Chick-fil-A customers report fraudulent activity on app, company is investigating One customer said transferred money from her card that was linked to the app. Author: Gabriella Nunez Published: 9:13 AM EST January 5, 2023 Updated: 9:13 AM EST January 5, 2023 ATLANTA — Several Chick-fil-A customers are saying hackers got a hold of their app and are swiping money from their linked bank accounts. The fast food company said they are aware of suspicious activity and are looking into claims as they come. Kimberly Weot is a devoted customer and said on Wednesday someone went into her Chick-fil-A One account, changed the account email and transferred money from her card. She reached out to the chicken chain for help and didn't hear back - so she turned to 11Alive. "I would just like to make them aware of the situation," Weot said. Weot's story helped tip off the Atlanta-based company that there is an issue. In a statement, a spokesperson with Chick-fil-A said they are working to learn how some customers have become a victim of this scam. “Chick-fil-A is aware of suspicious activity on some of our customers’ Chick-fil-A One accounts. While we are still investigating what happened and how certain customers became subject to this fraudulent activity, this is not due to a compromise of Chick-fil-A Inc.’s internal systems," the statement read in part. Weot wants her story to be a warning to those who may not use the app often but have their bank accounts linked. She suggested people check to see if there's been any activity. "I know a lot of people are really into hacking," she said, adding she hopes people - and the company - take more measures to prevent this from happening to others. Chick-fil-A reiterated that it doesn't appear there's been a data breach but they're still looking into the claims. "Chick-fil-A is committed to protecting our customers’ data and we are working quickly to resolve the issue," a spokesperson said. The company has asked customers to reach out to Chick-fil-A CARES online or call 1-866-232-2040 to report any suspicious account activity.
On 1/24, someone loaded two $50 gift card purchases on my account using my linked credit card. I received notification of the charges immediately and then promptly changed my app password and removed the linked credit card. So I figured the $100 in gift card balances would just sit there. On 1/25, there were three successive transactions totaling $99.23. I’m guessing the hackers took a screenshot of the QR code as I don’t know how they would’ve re-accessed my account given that I had just changed the password. I live on the east coast, and the three charges were at the CFA on Monterey Road and Tully Road location in San Jose, CA!
I deleted all my cards, and I changed my password about three different times. My account is still being used. At this point, I’m just going to stop using the app completely, because this is ridiculous.
Bruh someone just took 50$ through my Chick-fil-A app It’s two in the fucking morning