Customers of Newport Beach-based Chipotle Mexican Grill Inc. (NYSE: CMG) said their online and app accounts were hacked in the last month or so, and are posting on forums like Reddit to complain.
“I got an email of the order and watched live through the app as Doordash delivered the food I paid for to another state,” read one post. “Doordash was not even able to stop the delivery.”
News of the purported breeches was first reported by TechCrunch.
Chipotle told the Business Journal it had no indication of any breach in its databases or systems, though it may have been targeted.
“We are among the many retail, hotel and restaurant companies affected by credential stuffing, in which combinations of user names and passwords are accessed by third parties and used on websites of different companies to see if they can gain access,” the company said in a statement. “We continue to monitor any possible security issues and we are constantly investing in security measures to protect our customers.”
The latest security issues don’t appear to be of the magnitude of 2017’s well-publicized malware attacks affecting thousands of Chipotle stores and other restaurant chains.
