Nando’s customers pay the price of using the same password across multiple accounts

This week, the National Cyber Security Centre (NCSC) has shared details of a cyber attack in which criminals targeted Nando’s customers who used the same passwords for multiple online accounts.

This kind of scam is called “Credential Stuffing” and exploits those who use the same login details in different places.

Hackers placed large orders on targeted customers’ accounts, meaning they were left with expensive bills to pay. Luckily, the popular restaurant chain promised to reimburse affected customers.

To avoid falling victim to a similar scam, we recommend using different passwords across your accounts. If you struggle to remember your various logins, you could save them in your browser providing you trust others who use your device.

Passwords should also contain three random words. We share more guidance for creating a strong password here: