If you’re engaged to be married and active on social media, then the news of the cyber attack on a major wedding platform over the weekend of May 20-22, 2022 likely rattled you, and reading accounts of partners who lost their funds and had hundreds of dollars in gift card charges on their credit card bills probably had you questioning whether having a cash wedding registry would be a good idea at all.
But don’t panic just yet. It’s important to understand what happened with one of the world’s largest wedding platforms and how you can use the information to make more informed decisions about cash wedding registries going forward. After all, not all cash wedding registry platforms are created equally, and the more you know, the more secure you’ll feel in choosing the right platform.
Here’s what you can learn to stay one step ahead of hackers while still building the wedding registry you’ve always wanted.
What happened?
TechCrunch first mentioned the cyber attack on May 23 and confirmed that hackers had obtained some usernames and passwords, but the company denied that its systems had been breached. The platform’s users first reported the hack on social media as they discovered that their honeymoon funds had been partially or entirely depleted and gift cards had been charged to their credit cards.
One Reddit user posted: “Mine got hacked today. They charged $650 in gift cards and stole $1000 in monetary gifts for our honeymoon. Even changed the account email so there’s nothing we can do. No answer from support.” Another said they’d lost the $450 in their account and had $500 worth of fraudulent credit card purchases.
A spokesperson for the platform said that hackers used a technique called “credential stuffing,” a type of attack in which hackers take usernames and passwords that were exposed or breached on one site and try them on other websites where people reuse the same login details. Basically, if the username and password you use over and over for most internet accounts became exposed, hackers could then take that information and plug it into other websites in the hope that you also have an account there.
“The vast majority of couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity,” the spokesperson told TechCrunch. “Our team acted as quickly as possible to protect our community of couples and guests, and we were able to block all attempted fraudulent transfers.”
The startup said it was working quickly to correct the problem and reset all user passwords just to be safe. It also suspended its iOS and Android apps and promised to refund all fraudulent purchases.
The company told TechCrunch that only .01% of accounts had been affected by the breach, but it also refused to disclose how many accounts that added up to be. While that percentage is certainly small, .01% of 500,000 accounts is still 5,000 people. It’s a small number in comparison, but if you’re part of that unlucky group, then it certainly means a lot to you.
Some users who didn’t have money stolen still worried that the attack compromised other information on file. One Reddit user who was “panicking” said they emptied the account the previous week, but their bank account information could still be seen if a hacker entered their account.
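For readers who run a site with logins, here is how the credential stuffing pattern described above tends to look in login records, and one way to spot it. This is an added example, not code from the platform or from Hitchd; the event format, thresholds and sample data are assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, username, success?)
# One address tries eight different usernames in under a minute; one login works.
SAMPLE_EVENTS = [
    ("2022-05-21T03:00:%02d" % (i * 5), "203.0.113.7", name, name == "sam")
    for i, name in enumerate(["ann", "bob", "cy", "dee", "eli", "sam", "fay", "gus"])
] + [
    # An ordinary user who mistypes a password once, then gets in.
    ("2022-05-21T09:15:00", "198.51.100.20", "alex", False),
    ("2022-05-21T09:15:20", "198.51.100.20", "alex", True),
]


def find_stuffing(events, window=timedelta(minutes=10),
                  min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: [accounts that logged in successfully]} for sources
    that tried many different usernames, mostly failing, inside one window.
    The accounts listed are the ones that need a forced password reset."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            fails = sum(1 for _, _, ok in chunk if not ok)
            # Reused-password attacks: many usernames, almost all rejected.
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                hits = {u for _, u, ok in chunk if ok}
                findings[ip] = findings.get(ip, set()) | hits
    return {ip: sorted(users) for ip, users in findings.items()}


if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_EVENTS).items():
        print(ip, "looks like credential stuffing; reset:", accounts)
```

The single successful login among the failures is the account whose reused password matched, which is why a unique password per site defeats this attack.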
What do I need to know to protect myself?
Because we’re all so used to entering the same passwords for multiple sites and trusting stores and other companies with our important information, it’s easy to forget that all of this vital information can be vulnerable to cyber attacks, which are more common than you might think.
According to Cobolt’s 2021 cyber security report, cyber threats have continued to grow. IBM reported that in 2020, the average cost of a cyberattack to a business was $3.86 million, and it took an average of 200 days for companies to detect the breach. And Verizon noted that 86% of cyberattacks were motivated by financial gain. That means what hackers really want is money, and they’re not slowing down their attempts to target all sorts of companies.
This might make you want to log off forever, but you can lessen your chances of becoming a cyberattack victim by following these tips and guidelines.
Familiarize yourself with cyberattack lingo
Do you know what a phishing attempt is? Or a social engineering attack? The world of cyber security is vast, and there are a lot of terms to learn. But the more you know, the better you’ll be able to spot a potential threat and shut it down.
Phishing attempts come from hackers trying to pose as representatives from companies that you use in order to get you to give them your username and password so they can go in and take over your account. Some hackers will call parents or grandparents and insist their child or grandchild has been arrested and needs bail money. Others will copy the look of your bank’s emails and try to get you to change your password using a fraudulent link. Some will even send you a text message, telling you your account has been hacked and urging you to change your password.
Hackers rely on urgency, claiming that you need to act now and providing very little time for you to verify anything. They’re also hoping that you’ll be so flustered that you won’t stop and think about what you’re being asked to do.
Familiarize yourself with these practices and terms and learn the obvious signs of phishing and other cyberattacks so you feel confident navigating your accounts.
Always create unique passwords
We get it: It is incredibly difficult to remember unique passwords for every website you use. But you should put in the work to better protect yourself. Remember, many targeted in the latest attack were vulnerable because they used the same password on multiple sites. The hackers could then go in each matching account and drain whatever money was kept there.
Many browsers will suggest unique passwords when you create new accounts, and they’ll often save those passwords so you have them safely stored. Many phones will do the same. If you don’t want to have unique passwords for every single account, then prioritize the ones that involve money transfers, such as banks and cash apps like PayPal, as well as any stores you frequently buy from online. For accounts that have no credit card information stored or any important personal information, you can probably use the same password, provided it’s a good one.
Check out some password best practices here. And remember, you can always keep a notepad with passwords written down instead of saving them somewhere digitally. It’s an extra step, but you’ll feel secure knowing all your passwords are safe.
Set up two-step authentication when possible
Two-step authentication, also known as 2FA, creates an added level of security that makes your account much more difficult to access. You’ve probably seen this when you try to log into your Gmail account on a laptop, and Google asks you to open its mobile app and tap the corresponding number that it gives you. You might also use Google’s authenticator app for sites like Facebook. The app generates a new six-digit code every minute or so, which means only someone with your phone could possibly access the number.
Beware of “free” platforms
Nothing in life is ever free - even a free wedding registry platform. Some sites offer free wedding invite samples and other perks, but they still insist on getting your credit card information before they give you the goods. Others might offer a free trial but force you to enter your payment method before you access the trial.
You can find plenty of “free” wedding registry platforms, but it’s important to ask yourself: How am I putting myself at risk through this allegedly free service?
What should I look for when choosing a cash wedding registry platform?
The latest attack has most likely scared many couples, forcing them to rethink whether they want to use a cash wedding registry platform at all. But these registries, like Hitchd, offer couples so many benefits, such as the ability to politely ask for cash as a wedding present and the freedom to design a honeymoon-centric registry.
Here’s a quick checklist to help you determine which cash wedding registry platform will work best for you.
Who holds onto my money?
In the most recent case, the company itself managed its users’ money and stored it, which meant when it was hacked, the hackers could take the money right away. But not every platform does this.
Hitchd, for example, partners with Stripe, the payment processing platform that holds all money given to the couple, in the couple’s own Stripe account. This ensures that if we were ever to be hacked, your money would be secure. Stripe also mandates that all users turn on two-factor authentication, so your money will be protected even if someone tries to hack your account. Most companies will tell you how they handle your gift money, so answer this question first before giving important information.
How can guests pay for gifts?
A cyberattack could leave payment information vulnerable, so if you’re worried about protecting your friends’ and family members’ financial information, then you should look into how the platform handles gift payments. Most will accept credit cards, but others, like Hitchd, will also accept PayPal, debit cards and even bitcoins. When your guests have multiple options of payment, then they can decide how they want to protect their own personal information.
How quickly can I access my money?
In the event of a cyberattack, you probably want to pull your money out of your account right away. But some cash wedding registry platforms don’t provide unlimited access to your funds. In fact, some will force you to wait until after the wedding to send you the money while others will charge you for withdrawing early.
With Hitchd, you have access to your funds on Day 1, so you never have to leave the money in your Stripe account if you don’t want to. Stripe also takes meticulous care of its customers so their information stays private.
In general, cash wedding registries are perfectly safe to use for your upcoming nuptials, but as with any other account online, you do need to be cautious with your personal and financial information. If you’re always creating unique passwords and using diligent platforms like Hitchd, then you’ll be less vulnerable to cyberattacks and feel good about shopping online.
Ready to get started? Create an account with Hitchd here.