Hackers Siphon Thousands From Users On Popular Wedding Registry Site
Users of the wedding registry Zola became victims of hackers.
Hackers siphoning funds from unsuspecting entities has, unfortunately, become commonplace in the news. However, hackers looking to swindle unsuspecting people out of their cash have now found a new industry to target. Cybercriminals successfully compromised the popular wedding registry site Zola and multiple couples were subjected to having their accounts and credit cards depleted of funds.
Zola is a wedding registry that couples can utilize if they want to receive a range of gifts in a less traditional format. Those using the registry can receive monetary gifts and gift cards amongst other things. These funds are all collected and deposited in the couple’s Zola account. Unfortunately, though, hackers with malicious intentions were able to acquire account data from various Zola users by means of a tactic known as credential stuffing. Essentially, credential stuffing is the act of obtaining a list of account information from websites that had been compromised in data breaches. Unbeknownst to the affected account holders, Zola had been subject to a data breach. Hence, the hackers were able to utilize the obtained Zola credentials to siphon funds from the individuals exposed in the breach.
Numerous victims spoke to Vice about what they experienced. One individual detailed that they had noticed that an e-mail that they didn’t recognize had been added to their account and that all of the money they received as a wedding gift via the Zola registry had been deposited into a bank account that they did not own. “Then we noticed that all our wedding funds that had been gifted to us were being processed to be transferred to a bank account that was not ours,” the wedding registry victim exclaimed. Another victim disclosed that the Zola hackers had gotten ahold of their credit card information and maxed it out with charges. “They charged thousands of dollars on my credit card beyond the max limit,” said the individual via Vice.
Those at Zola have been apologetic and took to Twitter to reveal what had happened and issue their apology. The company’s tweet detailed that Zola is addressing the issue and taking the necessary steps to rectify what had happened to all the victims involved. Take a look at the wedding registry’s Twitter disclosure below.
It’s likely reassuring for Zola users to know that the company is aware of the issue and taking steps to address what the hackers had done. A spokesperson for the company, Emily Forrest, reiterated that sentiment. Forrest explained that all affected persons and accounts could expect any compromised funds or activities to be refunded and/or rectified. Forrest also highlighted that Zola’s Safety & Security team took many additional precautionary measures to ensure that no other accounts become compromised. This included resetting the passwords of Zola’s entire user base. Additionally, Forrest emphasized that the overall infrastructure and integrity of Zola’s app and website remain intact and that all users should feel confident that they are being actively protected anytime they log into their accounts to utilize the wedding registry’s service. “Ultimately, fewer than 0.1 percent of all Zola couples were impacted,” added Forrest.
