American fast food chain Chick-fil-A is investigating what it called “suspicious activity” linked to the accounts of some of its customers.
“We are investigating suspicious activity on certain customer accounts,” the company said in an alert posted to its official website on Friday and first spotted by security researcher Dominique Alvieri.
“We are committed to protecting customer data and are working quickly to resolve the issue.”
A support page on the Chick-fil-A One membership program's customer care website gives potentially affected customers details on what to do if they notice unusual activity on their accounts, see mobile orders placed without their approval, or find that their loyalty points have been fraudulently used to redeem or offer rewards.
If they notice anything unusual, customers are advised to immediately change their passwords to new ones that are unique, complex, and not used on other platforms or online accounts.
They should also remove all stored payment methods, such as credit or debit cards, from their Chick-fil-A One accounts by opening the Account menu in the Chick-fil-A app and clicking “Manage payment methods”.
Details on what to do if their Chick-fil-A One accounts were used to place mobile orders without their knowledge are available here.
Hacked Chick-fil-A accounts sold online
Today’s warning comes after BleepingComputer emailed the company before Christmas over reports that Chick-fil-A user accounts were hacked in credential stuffing attacks.
Although we have not yet received a response, a threat intelligence researcher told BleepingComputer at the time that hacked accounts were used with disposable email addresses to buy food in widespread attacks (a tactic Chick-fil-A customers were warned against today).
Some of the stolen accounts are sold for between $2 and $200, depending on the account balance, linked payment method, or Chick-fil-A One points (reward points) balance.
Chick-fil-A has since disabled new account creation and banned the use of disposable email addresses, forcing hackers to use legitimate email services to hijack accounts.
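For defenders running a loyalty program, the pattern reported above (an account switched to a disposable email address and then used to order or redeem) can be checked in account event logs. The following is an added example, not code from Chick-fil-A or BleepingComputer; the event schema, the domain list, the 24-hour window and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample list (assumption); production use needs a maintained blocklist.
DISPOSABLE_DOMAINS = {"mailinator.example", "tempinbox.example"}
WINDOW = timedelta(hours=24)  # assumed review window after an email change
SPEND_EVENTS = {"mobile_order", "reward_redeem"}

# Constructed account events in a hypothetical schema: (time, account, type, detail)
EVENTS = [
    ("2023-01-02T09:00:00", "acct-1", "login_ok", "203.0.113.7"),
    ("2023-01-02T09:02:00", "acct-1", "email_change", "x9f3@tempinbox.example"),
    ("2023-01-02T09:10:00", "acct-1", "mobile_order", "order-1001"),
    ("2023-01-02T10:00:00", "acct-2", "email_change", "pat@corp.example"),
    ("2023-01-02T10:05:00", "acct-2", "reward_redeem", "reward-77"),
    ("2023-01-01T08:00:00", "acct-3", "email_change", "tmp@mailinator.example"),
    ("2023-01-03T12:00:00", "acct-3", "mobile_order", "order-1002"),
]

def is_disposable(address):
    """True if the address's domain, or a parent domain, is on the blocklist."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in DISPOSABLE_DOMAINS)

def flag_takeovers(events, window=WINDOW):
    """Return (account, event type, detail) for each order or redemption made
    within `window` of the account's email being changed to a disposable one."""
    last_change = {}  # account -> time of latest disposable email change
    alerts = []
    for ts, account, kind, detail in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if kind == "email_change":
            if is_disposable(detail):
                last_change[account] = when
            else:
                # Changing to a non-disposable address clears the flag.
                last_change.pop(account, None)
        elif kind in SPEND_EVENTS and account in last_change:
            if when - last_change[account] <= window:
                alerts.append((account, kind, detail))
    return alerts

if __name__ == "__main__":
    for alert in flag_takeovers(EVENTS):
        print("review:", *alert)
```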
A spokesperson for Chick-fil-A One was not immediately available for comment when contacted again by BleepingComputer earlier today.