Identity theft is an alarming and ever-present threat, and as consumers and organizations become more vigilant against attacks, identity thieves are becoming increasingly sophisticated and inventive in their methods.
We are currently witnessing a significant data breach in the restaurant industry, specifically targeting individuals who make online reservations. Because of the OpenTable data breach, cybercriminals have set their sights on the app, a widely used service with a network of nearly 60,000 restaurants worldwide. Exploiting OpenTable, these scammers are illicitly obtaining information from unsuspecting users of the platform.
About OpenTable
OpenTable is an online restaurant reservation service that allows users to search for and book reservations at various restaurants without the need to make direct calls. Through the OpenTable website and mobile app, available on iOS and Android, users can browse restaurants, view menus, read reviews, and make reservations conveniently.
Data Requested by OpenTable
It is important to note the information OpenTable asks for when completing a reservation. Users are typically required to provide personal details such as their name, email address, and phone number. This information serves the purpose of enabling the restaurant to contact the user in case of any changes to the reservation. However, it is crucial to understand that OpenTable, in most cases, does not require users to provide credit card details to finalize the reservation. This is where the scammers exploit the OpenTable data breach.
The OpenTable Scam Explained
The scam operates by scammers contacting individuals under the guise of being from the restaurant where a reservation has been made. They falsely “confirm” the reservation details and then inform the victims that providing their credit card details is necessary to secure their reservation spot. Once armed with the credit card information, the scammers call again, this time impersonating the victim’s bank. They claim “unusual activity” on the credit card and convince the victim to authorize a purchase through the bank’s mobile app. Many victims, driven by panic, unknowingly authorize the transaction, giving the criminals unrestricted access to their credit cards.
How Scammers Acquire Your Information
The scammers obtained user information from OpenTable by nefarious means, gaining access to its representatives, customers, and restaurants. Armed with these credentials, they access the restaurant’s account and subsequently call customers with reservations, masquerading as restaurant staff. They deceive users into providing their credit card details, citing the need for deposits or refunds for their bookings. The scammers then exploit these details to carry out unauthorized transactions.
Preventing the Reservation Service Scam
To protect yourself from falling victim to this scam, particularly if you frequently use online reservation services, adhere to the following precautions:
- Terminate Suspicious Calls: If you receive a call from someone claiming to be from the restaurant or your bank, requesting credit card information, immediately hang up. Restaurants typically do not require credit card details unless they have specific policies for last-minute cancellations. To confirm the legitimacy of such requests, independently call the restaurant using their official phone number.
- Monitor Your Bank Account: Never authorize any purchases made through your banking app or credit card that you did not initiate. Should you detect any suspicious transactions, promptly contact your bank or credit card company for assistance and guidance on resolving the issue.
- Report Scammers Promptly: OpenTable has issued an alert to all users, warning them about these scams. If you receive any suspicious phone calls claiming to be from restaurants, report them immediately by emailing phishing@opentable.com.
Protect Yourself Proactively
Due to the widespread exposure of personal information resulting from this data breach, it is crucial to familiarize yourself with protective measures in case your information is compromised. Identity theft protection companies can monitor sensitive data like your home title, Social Security Number (SSN), phone number, and email address. These services can alert you if your information appears on the dark web or is being used to open fraudulent accounts. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use.
Some identity theft protection services have additional benefits, such as identity theft insurance of up to 1 million dollars to cover losses and legal fees, along with a dedicated fraud resolution team to aid in recovering any losses. Digital Privacy Plus provides all the protections against identity theft while monitoring the dark web for your information and proactively removing it from data brokers.
Reserving tables at local restaurants should be a seamless experience. Unfortunately, this incident highlights the additional risks involved. When using online reservation services like OpenTable, it is crucial to remain vigilant. Remember to follow the advice provided, stay alert, and maintain a cautious mindset throughout the reservation process, regardless of its apparent simplicity.