Posted on May 24, 2022 at 8:38 PM
Hackers Compromise The Accounts Of Zola Registry Users
Popular wedding planning website Zola has become the latest victim of a hacking incident. The company revealed that it is aware that some unauthorized gift card orders are being offered online, but says that cash transfers have been blocked.
The platform offers guest list management, online gift cards, as well as wedding websites. It confirmed that threat actors succeeded in accessing the accounts of some of its users and tried to initiate fraudulent cash transfers.
Some Zola users posted on social media that their linked bank accounts were used to buy gift cards. One of the tweets from a Reddit user showed a cracked Zola account being sold on the darknet, which is used to purchase gift vouchers.
The Hackers Accessed The Accounts Through Credential Stuffing
Director of communications at Zola, Emily Forrest, stated that the hackers accessed the accounts through a “credential stuffing” attack. The threat actors tried out several email and password combinations they stole from breaches across other platforms. She added that the hackers were able to crack some accounts, especially those that share the same account details on multiple websites. Once the account of the target was compromised on the other site, the attackers used those details to get into the accounts of the affected users on the Zola platform.
“We understand the disruption and stress that this caused some of our couples,” she stated. Forrest added that the hackers did not succeed, as all the fraudulent fund transfer attempts were blocked. Bank information and credit cards were not exposed and people’s details will continue to be protected, she reiterated.
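The attack pattern described above leaves a recognizable trace in login logs: one source tries many different accounts, only once or twice each, and almost all attempts fail. The following is an added example, not code from Zola or from the original article; the event format, the thresholds and the function name `flag_stuffing_sources` are assumptions, and the log entries are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, login_succeeded).
SAMPLE_EVENTS = (
    # One source walks a leaked list: 10 accounts, one try each, one reused password works.
    [("203.0.113.7", f"user{i:02d}@example.com", i == 7) for i in range(10)]
    # A user mistypes a password twice, then logs in.
    + [("198.51.100.20", "alice@example.com", ok) for ok in (False, False, True)]
    # Repeated guessing against one account (brute force, not stuffing).
    + [("192.0.2.50", "bob@example.com", False)] * 8
    # Shared office address: several accounts, all logins succeed.
    + [("192.0.2.99", f"staff{i}@example.com", True) for i in range(6)]
)

def flag_stuffing_sources(events, min_accounts=5, min_fail_ratio=0.8,
                          max_tries_per_account=2.0):
    """Return {ip: summary} for sources whose logins look like credential stuffing.

    Thresholds are assumed starting points, to be tuned on real traffic.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                  "accounts": set(), "hits": set()})
    for ip, account, ok in events:
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["accounts"].add(account)
        if ok:
            stats["hits"].add(account)
        else:
            stats["failures"] += 1

    flagged = {}
    for ip, stats in per_ip.items():
        accounts = len(stats["accounts"])
        fail_ratio = stats["failures"] / stats["attempts"]
        tries_per_account = stats["attempts"] / accounts
        # Stuffing signature: many distinct accounts, few tries each, mostly failures.
        if (accounts >= min_accounts and fail_ratio >= min_fail_ratio
                and tries_per_account <= max_tries_per_account):
            flagged[ip] = {
                "accounts_tried": accounts,
                "fail_ratio": round(fail_ratio, 2),
                # Successful logins from a flagged source need a forced reset.
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged

if __name__ == "__main__":
    print(flag_stuffing_sources(SAMPLE_EVENTS))
```

The mistyped password, the single-account guessing and the shared office address are deliberately left unflagged, since none of them combines many accounts with a high failure rate.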
Fraudulent Gift Card Orders Are Still Circulating
Forrest also stated that the company knows that there are some fraudulent gift card orders and is seriously working to correct them. She added that Zola infrastructure was not affected in the hack and that less than 0.1% of the couples using the platform were affected.
After the hacking incident during the weekend, the company sent out a mass email to inform users that it had automatically reset their account passwords. Zola said in the email that the action has been extended to all users as a precaution, even though a majority of the users are not affected. It is a primary security measure taken by several firms that have had their user accounts affected by a hacking incident.
Both Android and iOS versions of the Zola app were also disabled during the weekend as another precautionary action. However, they have since been restored.
Presently, Zola’s security measures do not include any two-factor authentication protocol. This makes it far easier for credential stuffing attacks to become successful on the platform. This may come as a surprise, knowing that such a rudimentary security protocol is needed to offer some level of protection to user accounts. Although users with such protection could still be affected by a hacking incident, two-factor authentication usually makes it more difficult for the threat actor to gain access to the user’s account.
Most sites that regularly deal with large amounts of personal and financially sensitive data provide additional authentication methods for their accounts. But Zola’s users could be exposed further since it doesn’t offer any form of two-factor authentication.
Users Advised To Maintain Strong, Unique Security Passwords
Although Zola said the number of users affected is very small, the exact number of affected users is not known. As is the case with credential stuffing attacks, most of the accounts affected are those with weak passwords, as it makes it very easy for hackers to crack such passwords. In addition, Zola’s lack of two-factor authentication has made it easier for hackers to gain access to users’ accounts.
Zola has directed any users who have been affected by the hacking incident to contact support@zola.com for further security advice and more information.
Security experts generally recommend creating a strong, unique password for each website. Although it may sound like a headache for users to maintain separate account details for all the accounts they use online, it is an important security protocol to observe. In most credential stuffing attacks, the victims are usually those who maintain weak passwords or similar account details across two or more websites.
Having a strong password and maintaining dedicated account information for each account will help users protect their accounts. Security experts have advised that users can utilize a good password manager to remove the nuisance of managing several unique passwords.