Online wedding registry confirms hack

A bride and groom take photos in Times Square in New York City earlier this year. Photo by John Angelillo/UPI | <a href="/News_Photos/lp/7a3954e7f891d87fa3ff6613f04f3377/" target="_blank">License Photo</a>
A bride and groom take photos in Times Square in New York City earlier this year. Photo by John Angelillo/UPI | License Photo

May 23 (UPI) -- Online wedding registry confirmed Monday that hackers breached user accounts after complaints over the weekend.

TechCrunch first reported the hack of the New York-based wedding planning startup, which along with gift registries, also helps couples prepare budgets and websites for the big day.


Telegram Channel posts, seen by TechCrunch, showed that customer accounts were breached by hackers who ordered gift cards from their accounts.

Zola confirmed the gift card orders and said it was "quickly working" to rectify the situation.

RELATED D.C. Attorney General sues Mark Zuckerberg for Cambridge Analytica data leaks

"The vast majority of the gift card orders have already been refunded and 100% will be refunded by the end of the day," Zola spokesperson Emily Forrest said in a statement to TechCrunch. "Any action that a couple did not take will be corrected."

The company became aware of the breach and said it was working to reconcile the situation after customers took to social media to complain that their accounts were compromised over the weekend, including some who reported that their account funds had been depleted.

Forrest said in the statement to TechCrunch that the accounts were breached because of a "credential stuffing" attack, where hackers use exposed or breached usernames and passwords to hack multiple accounts on different sites that share the same credentials.


"The vast majority of Zola couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity," Forrest added. "Our team acted as quickly as possible to protect our community of couples and guests, and we were able to block all attempted fraudulent transfers."

"Credential stuffing," attacks most likely occur through a third-party site.

Customers were affected by the hack as recently as 10 p.m. Sunday, NBC News reported.

RELATED North Korean hackers pulled off $620 million crypto heist, FBI says

According to the company, fewer than 0.1% of customers were affected by breach.

Zola told NBC News it has two-factor authentication in place, and its expanding its usage.

"All couples can absolutely resume their normal activity on Zola," the company added.

Latest Headlines


Follow Us