Wedding planning site Zola confirms it was hacked after users reported fraudulent accusations
Zola, an online wedding registry and planning site, has confirmed it has been hacked after several users reported fraudulent charges were made through their accounts over the weekend.
The company released a statement on Monday explaining how its site and apps were subject to a “cybercity attack.” Zola explained that the incident was due to “credential stuffing”, which is “when attackers take advantage of people who use the same email and passwords on multiple websites”.
According to the wedding site, the hackers most likely gained access to account users’ information through third-party websites and “used them to try to log into Zola.”
“Our team detected and took immediate action to protect all couples’ and guests’ accounts on Zola and reverse any action taken by the hackers,” the statement said. “Out of an abundance of caution, our Trust & Safety team has also taken several additional steps, including resetting all passwords.”
The site then apologized for the “disruption” caused by the hackers and noted that less than “0.1% of Zola couples were affected” by the hack.
Zola’s team assured that: “all attempts to transfer fraudulent cash funds have been blocked”, “banking and credit card information has never been exposed and continues to be protected”, and that “actions that have not been taken by [their’ account users, including fraudulent purchases, are currently being corrected”.
At the time of the statement, Zolaa noted that all “fraudulent purchases [would] be reimbursed by the end of the day”.
Zola acknowledged that while the couples may have been “temporarily locked out of their accounts,” the site is still taking precautions “to ensure the protection of [their] community”.
The company then said it was working to respond to everyone who contacted their accounts. Regardless of the incident, Zola said “couples and guests can absolutely resume normal business” on the website.
“Couples who have experienced irregular activity on their accounts can be assured that any outstanding issues will be resolved and addressed,” the statement concludes. “If there has been an issue with your account, we will proactively contact you.”
Over the weekend, Zola users on social media shared how they were charged for gift cards when their accounts were hacked.
“They charged $650 in gift cards and stole $1,000 in monetary gifts for our honeymoon. I even changed the account email so we couldn’t do anything. » a Reddit user wrote.
On Twitter, several people pointed out that they had been completely disconnected from their Zola accounts after fraudulent accusations were made, as they planned their upcoming weddings.
“@Zola I tried to reach customer support for the past two days, my account got hacked and they changed my email address so I can’t log in,” one wrote. “Several fraudulent charges. Please help!”
“I need someone to email me back,” wrote another. “I couldn’t access my account all day. I have no idea if my bank accounts were compromised by the hack. I can’t log in to the app or webpage. My wedding is in a week I need to know that my bank account has not been compromised.