Zola, a prominent wedding planning service renowned for its online gift registries, guest list management, and wedding websites, said Monday that hackers had accessed a number of its users’ accounts and attempted to begin fraudulent cash transactions.

Some Zola users reported on social media over the weekend that linked bank accounts were exploited to purchase gift cards. A Reddit user reported seeing compromised Zola accounts being resold on the black market and used to buy gift certificates.

Zola’s director of communications, Emily Forrest, told The Verge that the unauthorized account access took place through a “credential stuffing” attack, where hackers test out email and password combinations stolen from other breaches across a range of websites to target people using the same password on multiple sites.

“We understand the disruption and stress that this caused some of our couples, but we are happy to report that all attempted fraudulent cash fund transfer attempts were blocked,” Forrest said. “Credit cards and bank info were never exposed and continue to be protected.”

In addition, Forrest stated that the company is aware of fraudulent gift card orders and is attempting to resolve them. She claimed that there was no direct compromise of Zola’s infrastructure and that less than 0.1 percent of Zola users were affected.

Zola sent out a mass email on Sunday telling subscribers that their account passwords had been automatically changed. The action was extended to all site users “out of an abundance of caution,” according to Zola, albeit the great majority were not affected. The Zola app for iOS and Android was also disabled during the event but has subsequently been re-enabled.

Zola presently does not support two-factor authentication for account users, making credential stuffing attacks much easier to execute. The absence of a second authentication step is contrary to recommended practices for a site like Zola, which manages a big quantity of personally and financially sensitive customer data.

Zola has directed any affected users to contact support@zola.com for further information.

For the latest Sci-Tech News Follow BOL News on Google News. Read more on Latest Sci-Tech News on oldsite.bolnews.com