{"id":273,"date":"2023-03-07T13:18:37","date_gmt":"2023-03-07T19:18:37","guid":{"rendered":"https:\/\/kentprotect.com\/?p=273"},"modified":"2023-03-08T12:29:32","modified_gmt":"2023-03-08T18:29:32","slug":"2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers","status":"publish","type":"post","link":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/","title":{"rendered":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers"},"content":{"rendered":"<div class='booster-block booster-read-block'><\/div>\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>One-sentence summary: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Who was involved?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">71,000 Chick-fil-A customers, Chick-fil-A, and a threat actor. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>What was the timeline?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">December 18, 2022: Attack starts<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">February 12, 2023: Chick-fil-A discovers the breach and the attack ends (Chick-fil-A, Inc., 2023, p. 1). <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">March 2, 2023: Chick-fil-A begins notification of affected parties. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>What occurred?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An &#8220;automated&#8221; credential stuffing attack occurred against Chick-fil-A&#8217;s web and mobile application via stolen credentials obtained through an external means (Chick-fil-A, Inc., 2023, p. 1). Over 71,473 customers were affected (Peretti, 2023). Information breached included &#8220;name, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit\/debit card number, and the amount of Chick-fil-A credit (e.g., e-gift card balance) on your account (if any)&#8221; and, &#8220;if saved to your account,&#8221; &#8220;month and day of your birthday, phone number, and address&#8221; (Chick-fil-A, Inc., 2023, p. 1). <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Estimated costs:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Data breach notification costs. &#8220;National forensics firm&#8221; and incident response costs (Chick-fil-A, Inc., 2023, p. 1). M-F call center. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Involved laws: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">State laws: Maine: 10 M.R.S.A. \u00a7 1346<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">California: CCPA and Cal. Civ. Code \u00a7 1798.29(a)<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Root cause: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Credential stuffing. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Lessons learned: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Good password hygiene, password reuse education, lockout policies, strong password policies, mandatory 2FA, breach-checking\/breach warning password managers.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Sources: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Chick-fil-A, Inc. (2023). Individual Notification Template. In <em>Office of the Maine Attorney General<\/em>. Office of the Maine Attorney General. Retrieved March 7, 2023, from https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/66699dcb-5f86-40bb-9d12-d64dea06faca\/ec19585c-8c34-4293-b2df-199b6a6ab9a0\/document.html<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Peretti, K. (2023, March 2). <em>Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches<\/em>. Office of the Maine Attorney General. Retrieved March 7, 2023, from https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/66699dcb-5f86-40bb-9d12-d64dea06faca.shtml<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers\" width=\"640\" height=\"480\" src=\"https:\/\/www.youtube.com\/embed\/5ctD60nk6dQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\">YouTube\/Blog Notification Post<\/figcaption><\/figure>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One-sentence summary: Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers. Who<\/p>\n","protected":false},"author":4,"featured_media":274,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[68,3,12,85,114,270,266,267,13,265,76,63,262,261,75,61,11,10,77,74,14,201,268,69,71,241,72,70,8,27,48,67,269,62,15],"class_list":["post-273","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-breach-report","tag-been-pwned","tag-breach-report","tag-breaches","tag-california","tag-ccpa","tag-cfa","tag-chick-fil-a","tag-chicken","tag-ciso","tag-class-action","tag-cloud","tag-computer-security","tag-credential-stuffing","tag-credentialstuffing","tag-cyber-security","tag-cybercrime","tag-cybersecurity","tag-dallas","tag-dark-web","tag-data-breach","tag-executive","tag-exfiltration","tag-fastfood","tag-have-been-pwned","tag-have-i-pwned","tag-haveibeenpwned","tag-i-been-pwned","tag-i-have-been-pwned","tag-kent-protect","tag-kentprotect","tag-maine","tag-pwned","tag-restaurant","tag-security","tag-summary"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect<\/title>\n<meta name=\"description\" content=\"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect\" \/>\n<meta property=\"og:description\" content=\"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/\" \/>\n<meta property=\"og:site_name\" content=\"Kent Protect\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-07T19:18:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-08T18:29:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"867\" \/>\n\t<meta property=\"og:image:height\" content=\"1300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kyler Kent CISSP\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kyler Kent CISSP\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/\"},\"author\":{\"name\":\"Kyler Kent CISSP\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/person\\\/f9b4d76bd2f5b5559a08ad2e004a1116\"},\"headline\":\"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers\",\"datePublished\":\"2023-03-07T19:18:37+00:00\",\"dateModified\":\"2023-03-08T18:29:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/\"},\"wordCount\":311,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pexels-photo-9659880.jpeg\",\"keywords\":[\"been pwned\",\"breach report\",\"breaches\",\"california\",\"CCPA\",\"CFA\",\"Chick-fil-A\",\"chicken\",\"ciso\",\"class-action\",\"cloud\",\"computer security\",\"credential stuffing\",\"credentialstuffing\",\"cyber security\",\"cybercrime\",\"cybersecurity\",\"dallas\",\"dark web\",\"data breach\",\"executive\",\"exfiltration\",\"fastfood\",\"have been pwned\",\"have I pwned\",\"haveibeenpwned\",\"I been pwned\",\"I have been pwned\",\"kent protect\",\"kentprotect\",\"maine\",\"pwned\",\"restaurant\",\"security\",\"summary\"],\"articleSection\":[\"The Breach Report!\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/\",\"name\":\"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pexels-photo-9659880.jpeg\",\"datePublished\":\"2023-03-07T19:18:37+00:00\",\"dateModified\":\"2023-03-08T18:29:32+00:00\",\"description\":\"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pexels-photo-9659880.jpeg\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pexels-photo-9659880.jpeg\",\"width\":867,\"height\":1300,\"caption\":\"Photo by Jace Miller on Pexels.com\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/03\\\/07\\\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kentprotect.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#website\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/\",\"name\":\"Kent Protect\",\"description\":\"Starring the Breach Report! and other security and cybersecurity series\",\"publisher\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kentprotect.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\",\"name\":\"Kent Protect\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png\",\"width\":209,\"height\":161,\"caption\":\"Kent Protect\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/person\\\/f9b4d76bd2f5b5559a08ad2e004a1116\",\"name\":\"Kyler Kent CISSP\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"caption\":\"Kyler Kent CISSP\"},\"description\":\"Kyler Kent is a Senior Cybersecurity Analyst on CrowdStrike\u2019s Falcon Complete MDR team, where he helps large enterprises detect, investigate, and contain real intrusions across cloud and hybrid environments. His work spans threat hunting, incident response, and security automation\u2014turning noisy telemetry into clear, repeatable actions that reduce risk quickly. Previously, Kyler served as a Threat Hunting and Intelligence Specialist supporting a critical infrastructure provider in Dallas, and led security automation and operational coordination at CyberConvoy. He holds a Master\u2019s in Cybersecurity Risk Management from Georgetown University and maintains certifications including CISSP, AWS Solutions Architect \u2013 Professional, AWS Security \u2013 Specialty, and multiple CrowdStrike credentials. He writes to close the gap between \u201cwhat the textbook says\u201d and what analysts actually do on shift with his published book: \\\"SOC Analyst Career Guide\\\" (ISBN-13: 9781835467466). https:\\\/\\\/linktr.ee\\\/kentprotect.com Corrections: corrections@kentprotect.com\",\"sameAs\":[\"http:\\\/\\\/kylerkent.com\"],\"url\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/author\\\/kylerkent\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect","description":"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/","og_locale":"en_US","og_type":"article","og_title":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect","og_description":"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.","og_url":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/","og_site_name":"Kent Protect","article_published_time":"2023-03-07T19:18:37+00:00","article_modified_time":"2023-03-08T18:29:32+00:00","og_image":[{"width":867,"height":1300,"url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg","type":"image\/jpeg"}],"author":"Kyler Kent CISSP","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kyler Kent CISSP","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#article","isPartOf":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/"},"author":{"name":"Kyler Kent CISSP","@id":"https:\/\/kentprotect.com\/#\/schema\/person\/f9b4d76bd2f5b5559a08ad2e004a1116"},"headline":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers","datePublished":"2023-03-07T19:18:37+00:00","dateModified":"2023-03-08T18:29:32+00:00","mainEntityOfPage":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/"},"wordCount":311,"commentCount":0,"publisher":{"@id":"https:\/\/kentprotect.com\/#organization"},"image":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#primaryimage"},"thumbnailUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg","keywords":["been pwned","breach report","breaches","california","CCPA","CFA","Chick-fil-A","chicken","ciso","class-action","cloud","computer security","credential stuffing","credentialstuffing","cyber security","cybercrime","cybersecurity","dallas","dark web","data breach","executive","exfiltration","fastfood","have been pwned","have I pwned","haveibeenpwned","I been pwned","I have been pwned","kent protect","kentprotect","maine","pwned","restaurant","security","summary"],"articleSection":["The Breach Report!"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/","url":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/","name":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers - Kent Protect","isPartOf":{"@id":"https:\/\/kentprotect.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#primaryimage"},"image":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#primaryimage"},"thumbnailUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg","datePublished":"2023-03-07T19:18:37+00:00","dateModified":"2023-03-08T18:29:32+00:00","description":"Chick-fil-A recently concluded a credential stuffing campaign breaching the sensitive data of over 71,000+ customers.","breadcrumb":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#primaryimage","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/pexels-photo-9659880.jpeg","width":867,"height":1300,"caption":"Photo by Jace Miller on Pexels.com"},{"@type":"BreadcrumbList","@id":"https:\/\/kentprotect.com\/index.php\/2023\/03\/07\/2022-2023-chick-fil-a-credential-stuffing-attack-breaches-71000-customers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kentprotect.com\/"},{"@type":"ListItem","position":2,"name":"2022-2023 Chick-fil-A credential stuffing attack breaches 71,000+ customers"}]},{"@type":"WebSite","@id":"https:\/\/kentprotect.com\/#website","url":"https:\/\/kentprotect.com\/","name":"Kent Protect","description":"Starring the Breach Report! and other security and cybersecurity series","publisher":{"@id":"https:\/\/kentprotect.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kentprotect.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kentprotect.com\/#organization","name":"Kent Protect","url":"https:\/\/kentprotect.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/#\/schema\/logo\/image\/","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/04\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/04\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png","width":209,"height":161,"caption":"Kent Protect"},"image":{"@id":"https:\/\/kentprotect.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/kentprotect.com\/#\/schema\/person\/f9b4d76bd2f5b5559a08ad2e004a1116","name":"Kyler Kent CISSP","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","caption":"Kyler Kent CISSP"},"description":"Kyler Kent is a Senior Cybersecurity Analyst on CrowdStrike\u2019s Falcon Complete MDR team, where he helps large enterprises detect, investigate, and contain real intrusions across cloud and hybrid environments. His work spans threat hunting, incident response, and security automation\u2014turning noisy telemetry into clear, repeatable actions that reduce risk quickly. Previously, Kyler served as a Threat Hunting and Intelligence Specialist supporting a critical infrastructure provider in Dallas, and led security automation and operational coordination at CyberConvoy. He holds a Master\u2019s in Cybersecurity Risk Management from Georgetown University and maintains certifications including CISSP, AWS Solutions Architect \u2013 Professional, AWS Security \u2013 Specialty, and multiple CrowdStrike credentials. He writes to close the gap between \u201cwhat the textbook says\u201d and what analysts actually do on shift with his published book: \"SOC Analyst Career Guide\" (ISBN-13: 9781835467466). https:\/\/linktr.ee\/kentprotect.com Corrections: corrections@kentprotect.com","sameAs":["http:\/\/kylerkent.com"],"url":"https:\/\/kentprotect.com\/index.php\/author\/kylerkent\/"}]}},"_links":{"self":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/comments?post=273"}],"version-history":[{"count":5,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/273\/revisions"}],"predecessor-version":[{"id":280,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/273\/revisions\/280"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/media\/274"}],"wp:attachment":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/media?parent=273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/categories?post=273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/tags?post=273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}