Zola accounts hacked, some report money being stolen
Zola, the online wedding planning and registry site, was hacked over the weekend, the company said in a statement Monday evening.
"Over the weekend, our site & apps came under a cybersecurity attack known as credential stuffing," the statement read.
Credential stuffing, the company said, is a kind of cyberattack in which hackers "take advantage of people who use the same email and passwords on multiple websites," using stolen login information to submit wide-scale login attempts in several different places.
Less than 0.1% of accounts were impacted in the breach, according to Zola.
Bank and credit card information was not exposed in the hack, and officials said the company immediately corrected the problem.
Users first began flagging irregularities with their Zola accounts over the weekend. Some couples said they had money stolen out of their honeymoon registries before they were able to transfer it over to their bank accounts.
Ariel Carpenter, a Louisville doctor, said she was one of those impacted by the hack, describing the experience as a "rollercoaster."
"It just feels very violating because planning a wedding is a very personal enterprise. At the end of the day, you're planning a party for your closest family and friends," said Carpenter, who is slated to get married at the end of June. "And so my initial thought, unfortunately, was that whoever hacked us had access to our family and friends' contact information."
Carpenter said she had lost $350 from her honeymoon account on the website, but had not yet received a refund.
Zola said no guest information was compromised in the cyberattack.
The company also stated that it had blocked all attempted unauthorized cash transfers and would restore all funds to couples' accounts as soon as possible.
"Couples who did experience irregular activity on their accounts can rest assured that any outstanding issues will be resolved and addressed," Zola said Monday, stating that it would be reaching out to couples "proactively."
Experts recommend against recycling passwords across different sites as it leaves users vulnerable to cyberattacks like the one this past weekend. Some have suggested using a combination of three random words to create stronger passwords, as the letter combinations make them much more difficult for hacking software to crack.
Tech experts also recommend wiping your phone completely and resetting it to factory defaults before getting rid of it, as hackers may otherwise be able to request a password reset on various accounts and apps.