Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.
Zola customers took to social media to report that their accounts had been hijacked. Some people said that their Zola accounts had been hacked, while others said they had thousands of dollars charged to their credit cards.
Emily Forrest, Zola's spokeswoman, confirmed in a statement that accounts had been compromised as a result of a credential stuffing attack, where exposed or breached usernames and passwords are used to access accounts on different websites that share the same set of credentials.
The majority of Zola couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity.
If you have sent us a tweet regarding any gifts, credits or funds in your account, please make sure that you email our team support@zola.com who will absolutely work to reconcile your situation.
— Zola (@Zola) May 22, 2022
Users who have seen funds stolen or fraudulent transactions are urged to email its support team. Forrest said that all funds, credit cards, and bank info are protected and that cash funds have been restored.
During the incident, the company temporarily suspended its apps and reset user passwords.
Zola declined to say how many users were affected by the breach and refused to answer our questions about the lack of two-factor authentication currently offered to users, which helps to protect accounts against credential stuffing attacks.
Forrest said that the support team is working hard to respond to every customer.
If you work at Zola or know anything about the security incident, get in touch with TechCrunch.
All Rights Reserved © 2024
