Zola Hack: What caused the marriage registry funds to disappear?
Future brides, beware. Hackers gained access to user accounts on wedding planning website Zola over the weekend, leaving unlucky couples watching in despair as money appeared to vanish from their registry accounts. Others said they saw fraudulent charges to their credit cards – and found themselves unable to change their passwords to fix it.
A Zola representative confirmed the cyberattack on Money and said no money was lost. But the impact of the hack for couples, both financially and emotionally, was still reverberating online Monday.
The issue concerned Zola’s Marriage Registry feature, a tool that allows well-wishers to purchase gifts and contribute money to couples directly on the site. Couples can set up cash funds for their honeymoon or other expenses, and gift givers can contribute any amount of money they wish via credit card.
Over the weekend, hackers attempted to access funds held in Zola that users had not yet transferred to their personal bank accounts or spent. Zola users with current registries and those with older accounts have reported unusual activity. Some users have also reported fraudulent gift card purchases.
On Saturday, a Reddit user reported that the hackers charged $650 in gift cards and $1,000 in cash intended for their honeymoon. Another reported that the hackers racked up nearly $7,000 in fraudulent charges on their credit card.
“They took almost $3,000 out of my account and now I’m locked out…this [is] crazy”, a third person wrote on Twitter.
Who was affected by the Zola hack — and how to protect yourself
In a statement to Money, Zola’s spokeswoman Emily Forrest confirmed that Zola was the target of a type of cyberattack called credential surfing, where hackers use emails and passwords already compromised on the (often correct) assumption that many people reuse them on more than one website. In a series of tweets On Sunday, Zola encouraged users affected by the hack to email customer service.
Forrest said no credit card or banking information was exposed and all fraudulent money transfer attempts were blocked. She added that while less than 0.1% of couples on Zola were affected by the attack, Zola reset all user passwords out of an abundance of caution.
“Couples who have experienced irregular activity on their accounts can rest assured that any outstanding issues will be resolved and addressed,” she added.
Zola, a company worth more than $650 million in 2019, is part of the massive wedding industry that has been turned upside down by the pandemic and is coming back to life. There will be around 2.5 million weddings in the United States this year, according to a recent forecast by The Wedding Report, up from 2.1 million weddings in 2019.
Unfortunately, fraudsters too know that marriages are making a comeback. To protect yourself against cyberattacks like this, it’s a good idea to make sure you have a strong, unique password for all of your online accounts. Consider using a password manager and always enable two-factor authentication when available.
This story has been updated to clarify that no money was lost in connection with the incident.
More money :
The 4 Best Wedding Insurance Companies of 2021
Hackers are coming for your Netflix and Hulu passwords
Hacker’s Guide to Protecting Yourself Online