Red Rooster Has Been Hacked?

YouWinAgain on 01/11/2019 - 17:11
Last edited 01/11/2019 - 17:39 by 1 other user

I just got this email…

My only question is "WHY?"

WHY would anyone bother with hacking an account for free chicken??? A whole BBQ chicken costs $15 at Red Rooster and you need to spend thousands of dollars to get enough points with them to get a chook - I'm pretty sure maybe 5 people in Australia have this many points!!!

Are they just using this as a form of advertising for themselves? Any publicity is good publicity!:

Hi Sir/Madam,

Red Rooster (a brand controlled by Craveable Brands Pty Ltd) has recently been informed by a small number of customers that their Red Royalty accounts were accessed by an unauthorised third party. Red Rooster treats any potential misuse of data, regardless of the extent of that misuse, exceptionally seriously. Our priority is to minimise any impact on you, our most loyal customers, specifically in this case, the potential impact being the misuse of your Red Royalty dollars.

We have conducted an investigation with a third party IT Security consultant and concluded that the issue is related to what is known as credential stuffing. Effectively, credentials such as an email and password combination are obtained from a data breach on one service and are used to attempt to log in to another unrelated service. These attempts have low success rates, but in this case, your account has been identified as one account at risk (i.e. it is possible that the unauthorised third party accessed your Red Royalty account). Red Rooster does not believe that its system was or has been hacked by the third party. However, unauthorised access to your account could result in the third party obtaining your name, address (residential and/or email), phone number or birth date information if this is stored in your account. It could also result in your Red Royalty dollars being redeemed without your consent.

Most important for you at this time is completing some recommended next steps:

Monitor your Red Royalty account for unauthorised use of your loyalty dollars. If you believe that you have been impacted, you may reach out to us here.

Change your password on your Red Royalty account by clicking here.

It is best practice to not use the same username and password combination across multiple accounts. If you routinely use the same password across different services, it is recommended that you change the password on other accounts that you may have.

Continually be wary of phishing emails, telephone calls and text messages from any service requesting personal information. Avoid opening scam emails and text messages with attachments and links from unknown senders.

Food & Grocery

Related Stores

Red Rooster
Red Rooster

Comments

  • xuqi on 01/11/2019 - 17:25
    +2

    товарищ Hungry.

  • John Kimble on 01/11/2019 - 17:27

    Free chicken! Why not? People steal anything and everything.

  • [Deactivated] on 01/11/2019 - 17:27
    +5

    Effectively, credentials such as an email and password combination are obtained from a data breach on one service and are used to attempt to log in to another unrelated service.

    also: name, address (residential and/or email), phone number or birth date

    The details are sold on the dark web.

    • Baysew on 01/11/2019 - 17:34
      +2

      Any bargains?

  • HighAndDry on 01/11/2019 - 17:31

    People reuse passwords. And hackers can cross reference data from multiple hacks/sources to build complete enough profiles to then commit identity theft.

  • trustnoone on 01/11/2019 - 17:32
    +2

    I mean, at least they emailed you about it, dominos australia got hacked and we were told nothing. I couldn't figure out why I kept getting emails asking me about my croyden address (since I don't live there) until someone I think on ozbargain commented Doominos got hacked that I realized thats where I've been ordering all my dominos from.

  • ausdday on 01/11/2019 - 17:40
    +1

    Speaking as a software developer:

    Well, simple, because they can. Challenge accepted.

  • fishball on 01/11/2019 - 17:52
    +2

    This is why I use a secure password like hunter42

    • OZBMate8911 on 01/11/2019 - 19:13
      +4

      Damn, I would have guessed fishball1

    • robinCTS on 01/11/2019 - 19:14

      Surely fishball is a much more secure password? Plus way easier to remember!

    • vikvance on 01/11/2019 - 20:15
      +4

      "This is why I use a secure password like hunter42" would be a very secure password.

      • blitz on 01/11/2019 - 22:18
        +2

        ""This is why I use a secure password like hunter42" would be a very secure password." would be an even more secure password.

  • minniethemoocher on 01/11/2019 - 21:25

    I got this too. Bizarre they state this is credential stuffing because I don't use the email or mobile with this password any on other sites.

    • robinCTS on 01/11/2019 - 22:46

      From the email (my emphasis):

      your account has been identified as one account at risk (i.e. it is possible that the unauthorised third party accessed your Red Royalty account).

      Looks like they ran some algorithm to determine possible suspicious logins to all the accounts. Seems like your logins look "suspicious" 😉 (One possible source of false positives would be if you use a VPN.)

  • rcrowl on 01/11/2019 - 23:15

    Strange, i got the email, i opened my app, it had the name 'null' all my details gone ? no card number, nothing, so i logged put, changed my password, logged back in and now all my details and card number are now there ? Strange !!!

    • tooblue on 04/11/2019 - 21:49
      -1

      How many have you drunk? It's not even Friday.

  • kusama on 02/11/2019 - 09:56

    Red Rooster should be preventing users from using a breached password if they want to follow best practice

    https://developer.okta.com/blog/2018/06/11/how-to-prevent-yo…

Login or Join to leave a comment
Login Join