Jason’s Deli, a popular American restaurant chain, has alerted customers about a data breach resulting from credential stuffing attacks. In the breach, hackers used previously obtained credentials, likely from other breaches, to access member accounts on Jason’s Deli’s website. The exposed data includes personal information like names, addresses, phone numbers, birthdays, and more. While the company detected unauthorized access attempts, the exact number of impacted accounts remains unknown, prompting a precautionary notification to all potentially affected users. The total number of potentially impacted customers is reported to be 344,034 people.
The effectiveness of the attack hinges on users practicing “password recycling,” that is, reusing the same credentials across multiple platforms, which leaves their accounts vulnerable to hijacking. To mitigate such attacks, IP address rate-limiting is recommended. The breached data encompasses a range of information, including Deli Dollar points, truncated credit card numbers, and gift card numbers. Jason’s Deli is urging affected users to reset their passwords and consider changing credentials on other platforms where similar login details are used. Additionally, the company plans to restore Deli Dollars reward points used without authorization.
Customers confirmed as impacted will receive prompts for password resets to enhance security. The notification emphasizes the importance of users changing passwords on other platforms and enabling two-factor authentication (2FA) where available. Despite detecting unauthorized access attempts, Jason’s Deli cannot ascertain the exact number of compromised accounts. The incident underscores the ongoing challenge of securing online platforms and the risks associated with password-related vulnerabilities.
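The IP address rate-limiting recommended above, sketched as an added example (not code from Jason’s Deli or from the original report): a per-IP sliding-window limiter for a login endpoint that also caps how many distinct usernames one address may fail against. The class and function names, the thresholds and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginRateLimiter:
    """Per-IP sliding-window limiter; thresholds are assumed values, tune per site."""
    def __init__(self, window=60, max_failures=5, max_users=3):
        self.window, self.max_failures, self.max_users = window, max_failures, max_users
        self.failures = defaultdict(deque)  # ip -> deque of (timestamp, username)

    def _prune(self, ip, now):
        q = self.failures[ip]
        while q and now - q[0][0] >= self.window:  # drop failures older than the window
            q.popleft()
        return q

    def allow(self, ip, now):
        """True if this IP may attempt a login at time `now`."""
        q = self._prune(ip, now)
        # Stuffing shows up as many *distinct* usernames failing from one address.
        return len(q) < self.max_failures and len({u for _, u in q}) < self.max_users

    def record_failure(self, ip, username, now):
        self._prune(ip, now).append((now, username))

def replay(events, limiter=None):
    """Replay (ts, ip, username, success) events; return the rejected attempts."""
    limiter = limiter or LoginRateLimiter()
    rejected = []
    for ts, ip, user, ok in events:
        if not limiter.allow(ip, ts):
            rejected.append((ts, ip, user))
        elif not ok:
            limiter.record_failure(ip, user, ts)
    return rejected

# Constructed sample events (documentation IP ranges), not data from the incident.
SAMPLE = [
    (0, "203.0.113.7", "alice", False),
    (1, "203.0.113.7", "bob", False),
    (2, "198.51.100.4", "dana", False),   # ordinary user mistyping a password
    (3, "203.0.113.7", "carol", False),
    (4, "203.0.113.7", "erin", True),     # reused password would work, but IP is throttled
    (5, "198.51.100.4", "dana", False),
    (6, "198.51.100.4", "dana", True),    # same username retried: still allowed
    (70, "203.0.113.7", "frank", False),  # earlier failures aged out of the window
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Per-IP limits do not stop attempts spread across many source addresses, so the password resets and 2FA described above remain necessary alongside them.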