BLOG

Centripetal comments in Solutions Review

Centripetal Comments on Compromised Chipotle Accounts in Solutions Review article “What Enterprises Can Learn About Credential Stuffing From Chipotle

Recently, fellow technology publication TechCrunch reported on a potential security event at Chipotle, the Mexican fast-food provider. According to the article, Chipotle application consumers complained of fraudulent charges to their accounts via social media and online forums.

Experts Commented below:

Byron Rashed, VP of Marketing at Centripetal Networks:

“This could be a case of credential stuffing. Many cybercriminals and cyber gangs use algorithmic and other automation to access sites with compromised credentials from other breaches. If it’s true that some victims claim the password is unique to Chipotle, then it’s quite possible they suffered a breach. However, it is also quite possible that the unique passwords associated with their Chipotle accounts could have been derived through password cracking automation by the threat actor since they would have had their email (username).”

“Many passwords associate people, places, etc. in one’s life. Threat actors will also leverage a victim’s social media presence to ‘guess’ passwords that can contain a spouse, child or pet’s name that is easy to remember with some basic characters such as ‘dog’s name 123,’ or something similar where automation can produce a myriad of possible passwords.”

 

Tweet Article
Share Article
Centripetal News

SIGN UP TO OUR NEWSLETTER

Learn more about how CleanINTERNET® and Centripetal can proactively protect your organization.