Hackers hack into Zola’s marriage registry site and drain funds from couples’ accounts – NBC New York

Marriage registry website Zola has confirmed it suffered a cyberattack over the weekend after dozens of customers took to social media to complain about their accounts being breached and the depletion of their honeymoon funds.

In a statement to BNC News, Zola said the attack was the result of “credential stuffing,” where exposed or breached usernames and passwords are then used to gain access to accounts on different websites. sharing the same set of credentials. Experts have long warned against using the same username and password across multiple sites due to the increased risk of exposure through credential stuffing.

The company said credit card and banking information was never exposed and continues to be protected. He also claimed that less than 0.1% of all Zola users had been affected, although he did not say whether that included active and inactive users.

Zola temporarily suspended its iOS and Android apps over the weekend and reset all user passwords out of “excess caution.” Service for both apps was restored on Sunday.

In a series of tweets posted on Sunday evening, Zola assured customers who “experienced irregular activity” that their gifts, credits and funds would be reconciled, and urged users to email their support team.

“Our support team is working around the clock to respond to each affected customer,” Zola tweeted. “If you haven’t heard back from us yet, we appreciate your patience and will get back to you as soon as possible. Again, we’re very sorry for any stress or concern this has caused.”

As of 2 p.m. ET on Monday, several users were still reporting being affected by the hack.

Michael N. Clark