Wedding registry website Zola confirmed that it was hit with a cyberattack over the weekend after dozens of customers complained on social media about their accounts being drained or breached.
Several Reddit users said they received emails this weekend showing charges of hundreds of dollars in either gift cards or monetary gifts. Some users said the email connected to their account was changed, making it impossible for them to log into their accounts.
Others wrote that the money in their honeymoon funds had been transferred out or used to purchase gift cards.
Several other users said the credit cards associated with their Zola accounts were used to make high-priced purchases, even if they had not stored the card on the site and had only used it to shop on the platform.
Dozens complained of no response from Zola for several days.
In a statement to The Record, Zola spokesperson Emily Forrest confirmed that the site was hit with a credential stuffing attack over the weekend, where hackers used stolen email and password sets to gain access to accounts.
Zola did not respond to questions about how many users were affected but said “fewer than 0.1% of all Zola couples were impacted.” In 2020, they reported having about 500,000 users since they launched in 2013.
The company reset all passwords on the site and claimed “all attempted fraudulent cash fund transfer attempts were blocked,” despite what users reported on social media.
“Credit cards and bank info were never