Dozens of Chipotle Mexican Grill customers are posting complaints on various social media channels about their online accounts being hacked with purported violators using their stored credit cards to buy as much as $300 worth of food.
According to threads on Reddit and Twitter, the breach of online Chipotle accounts has occurred over the past couple of months. More than 30 people have complained on Twitter, reporting the hack to Chipotle’s main Twitter account: @ChipotleTweets
“My account was hacked, someone ordered $42 worth of food, and used my saved credit card info to pay for it. I reached out to the store and have contacted you via your website with no response. Can I get some help getting a refund?” one person said on Twitter.
Five days ago, “James7679” on reddit posted: “My account was hacked two weeks ago. Over $300 in food was ordered.”
Chipotle said there has been no data breach, and the incidents reported by customers are unrelated to the brand’s new rewards program, which launched in March.
“The privacy and security of our customer information is very important to us. We have no indication of any breach of Chipotle’s databases or systems,” the company said in a statement. “We are among the many retail, hotel and restaurant companies affected by credential stuffing, in which combinations of user names and passwords are accessed by third parties and used on websites of different companies to see if they can gain access.”
The company said it will continue to monitor any possible security issues. Customers concerned about information security, can contact the brand through this email: [email protected].
In 2017, Chipotle said customer credit cards were breached for a short period in late March and mid-April. At the time, Chipotle said an investigation determined that malware designed to access payment card data from cards used on point-of-sale devices was used at restaurants.
Related: Chipotle launches new loyalty program
Contact Nancy Luna at [email protected]
Follow her on Twitter: @FastFoodMaven