
"Our monitoring systems have found a small number of Colonel’s Club accounts may have been compromised as a result of our website being targeted. Whilst it’s unlikely you have been impacted, we advise that you change your password as a precaution. If you use the same email address and password across other services, you should also reset them, just to be safe."

Now let's be clear about something. KFC members who reuse their password across multiple services shouldn't change it just because of this attack. They should do so because it's good password security.

Attackers are banking on the fact that users protect multiple accounts with the same password. If they obtain a single set of credentials, they'll try authenticating the user across other services to see if they can gain access. It's called a password reuse attack, and it's something against which Carbonite, GitHub, and others tried to protect their users in 2016 following the mega-breaches at LinkedIn and Tumblr.

If you are a KFC Colonel's Club member, make sure you follow these recommendations when choosing a strong, unique password for each of your web accounts.

In the meantime, KFC said it's introduced "additional security measures" to protect members and "stop this kind of thing from happening again." It also apologized for the inconvenience that this incident might have caused users.