Zola, an online wedding registry and planning site, confirmed that it has been hacked after multiple users reported that fraudulent charges were made through their accounts over the weekend.
The company issued a statement on Monday addressing how its site and applications were under a “cybercity attack”. Zola explained that the incident was due to “credential stuffing,” which is “when attackers take advantage of people who use the same email and passwords on multiple websites”.
According to the wedding site, the hackers most likely gained access to account users’ information through third party websites and “used them to try to log in to Zola”.
“Our team detected and immediately jumped into action to protect the accounts of all couples and guests on Zola and reverse any actions taken by the hackers,” the statement reads. “Out of an abundance of caution, our Trust & Safety team also took several additional actions including resetting all passwords.”
The site went on to apologise for the “disruption” caused by the hackers and noted that less than “0.1 percent of Zola couples were impacted” by the hack.
Zola’s team assured that: “all attempted fraudulent cash fund transfers were blocked,” “bank and credit card information was never exposed and continues to be protected,” and that “actions that were not taken by [their’ account users, including fraudulent purchases, are currently being corrected”.
At the time of the statement, Zolaa noted that all “fraudulent purchases [would] be refunded by the end of the day”.
Zola recognised that even though couples may have been “temporarily locked out of their accounts,” the site is still taking the precautions “to ensure the protection of [their] community”.
The company went on to express that is working on responding to everyone who’s reached out about their accounts. Regardless of the incident, Zola said that “couples and guests can absolutely resume their normal activity” on the website.
“Couples who did experience irregular activity on their accounts can rest assured that any outstanding issues will be resolved and addressed,” the statement concluded. “If there has been an issue with your account, we will be reaching out to you proactively.”
Over the weekend, Zola users on social media shared how they were charged for gift cards when their accounts were hacked.
“They charged $650 in gift cards and stole $1000 in monetary gifts for our honeymoon. Even changed the account email so there’s nothing we can do,” one Reddit user wrote.
On Twitter, multiple people emphasised how they were logged out of their Zola accounts entirely after fraudulent charges were made, in the midst of making plans for their upcoming weddings.
“@Zola Been trying to reach customer support the past two days, my account was hacked and they have changed my email address so I cannot log in,” one wrote. “Multiple fraudulent charges. Please help!”
“I need someone to email me back,” another wrote. “I have not been able to access my account all day. I have no idea if my bank accounts were compromised from the hack. I cannot log in to the app or webpage. My wedding is in one week. I need to know that my bank account was not compromised.”