The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

Wedding planning site Zola confirms it was hacked after users report fraudulent charges

Wedding site said that less than .01 per cent of Zola users were impacted by the hack

Amber Raiken
New York
Tuesday 24 May 2022 22:09 BST
Comments
(Getty Images/iStockphoto)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Zola, an online wedding registry and planning site, confirmed that it has been hacked after multiple users reported that fraudulent charges were made through their accounts over the weekend.

The company issued a statement on Monday addressing how its site and applications were under a “cybercity attack”. Zola explained that the incident was due to “credential stuffing,” which is “when attackers take advantage of people who use the same email and passwords on multiple websites”.

According to the wedding site, the hackers most likely gained access to account users’ information through third party websites and “used them to try to log in to Zola”.

“Our team detected and immediately jumped into action to protect the accounts of all couples and guests on Zola and reverse any actions taken by the hackers,” the statement reads. “Out of an abundance of caution, our Trust & Safety team also took several additional actions including resetting all passwords.”

The site went on to apologise for the “disruption” caused by the hackers and noted that less than “0.1 percent of Zola couples were impacted” by the hack.

Zola’s team assured that: “all attempted fraudulent cash fund transfers were blocked,” “bank and credit card information was never exposed and continues to be protected,” and that “actions that were not taken by [their’ account users, including fraudulent purchases, are currently being corrected”.

At the time of the statement, Zolaa noted that all “fraudulent purchases [would] be refunded by the end of the day”.

Zola recognised that even though couples may have been “temporarily locked out of their accounts,” the site is still taking the precautions “to ensure the protection of [their] community”.

The company went on to express that is working on responding to everyone who’s reached out about their accounts. Regardless of the incident, Zola said that “couples and guests can absolutely resume their normal activity” on the website.

“Couples who did experience irregular activity on their accounts can rest assured that any outstanding issues will be resolved and addressed,” the statement concluded. “If there has been an issue with your account, we will be reaching out to you proactively.”

Over the weekend, Zola users on social media shared how they were charged for gift cards when their accounts were hacked.

“They charged $650 in gift cards and stole $1000 in monetary gifts for our honeymoon. Even changed the account email so there’s nothing we can do,” one Reddit user wrote.

On Twitter, multiple people emphasised how they were logged out of their Zola accounts entirely after fraudulent charges were made, in the midst of making plans for their upcoming weddings.

@Zola Been trying to reach customer support the past two days, my account was hacked and they have changed my email address so I cannot log in,” one wrote. “Multiple fraudulent charges. Please help!”

“I need someone to email me back,” another wrote. “I have not been able to access my account all day. I have no idea if my bank accounts were compromised from the hack. I cannot log in to the app or webpage. My wedding is in one week. I need to know that my bank account was not compromised.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in