Couples using the online wedding registry website Zola, which allows users to compile registries, shop for invitations and hunt for vendors, took to social media over the weekend to report that their accounts had been hacked.
When someone hacks your @Zola account and has now access to all your and yours guests info and spends $750 on gift cards and Zola doesn’t even send you an email about it let alone be available when you call. If you’re having a wedding, don’t use them.
— Alba (@JustplainAlba) May 23, 2022
Zola tweeted on Sunday that “all funds, credit cards and bank info continue to be protected.”
“Our site came under a cybersecurity attack known as credential stuffing,” a Zola spokesperson said in a statement; this is a process by which hackers exploit people who use the same email address and password to gain access to multiple sites. “We are happy to report that all attempted fraudulent cash fund transfers were blocked,” the spokesperson said. “No cash has actually been lost by our couples. Credit cards and bank info were never exposed and continue to be protected.”
The spokesperson added that fewer than 0.1% of all Zola couples had their accounts compromised, and that the company is working to address all customer requests as quickly as possible.
An anonymous Zola customer told The Daily Beast that Chase Bank had alerted their fiancé to fraudulent activity on her card on Saturday. “We logged into our Zola account and saw that that not only were there a bunch of charges trying to be processed on her card, but also that our wedding gift fund had been drained,” the customer said.
Screenshots of the customer’s account show zero funds available for transfer.
“We cancelled the credit card, and contacted Zola,” the customer said. “Their phone lines were going straight to a message saying to email them, so we emailed them twice and heard nothing.”
Now, the customer says, their fiancé is locked out of her Zola account, but that they hope to recover the missing funds.
“I have no idea how they’re trying to remedy the situation,” the customer said, “since the person put a whole new bank account in there it seems.”
The Daily Beast has reached out to Zola to ask how or if it would refund customers who said they had lost money as a result of the hacking.