The gang recently breached the systems of British retailer Marks & Spencer (M&S) and has spent months trying to trick workers for some of the world’s biggest brands into sharing their passwords, the Financial Times (FT) reported Sunday (June 1).
The group’s signature move, the report said, involves social engineering scams. The hackers conduct thorough research into company employees, impersonate them on the phone, and trick other colleagues into turning over the information needed to carry out a cyberattack.
As the report noted, these efforts have helped Scattered Spider carry out some high-profile attacks, including a breach in 2023 at MGM Casinos and Resorts in Las Vegas that brought those hotels to a standstill.
And in the case of M&S, the group’s attack cost the chain up to $403 million in operating profits and erased more than $807 million in market capitalization. However, the report added, Scattered Spider isn’t solely interested in money.
“They’re not exclusively financially motivated — they like the clout, they like the mainstream media attention,” Charles Carmakal, chief technology officer at the Google-owned Mandiant Consulting, told the FT.
The report also includes comments from threat researcher Zach Edwards, who said he has tried to warn other potential targets while monitoring Scattered Spider’s movements. These include companies ranging from Tinder to News Corp to Chick-fil-A.
Soon after Easter, the report added, retailers began getting calls to their help desks, likely from Scattered Spider hackers posing as employees, according to cybersecurity professionals who have been tapped to shut down leaks.
“They tend to hit a bunch of companies in the same sector for a few weeks before they move on,” said Carmakal, whose company began getting SOS calls from companies “telling us that they’re dealing with an active attack.”
Meanwhile, PYMNTS wrote recently about the social engineering attack on crypto exchange Coinbase — which the company has said could cost up to $400 million — and how companies can address the problem.
“There are standard approaches to addressing such threats, including least privilege access, separation of duties, and monitoring and alerting on suspicious activities. Behavioral monitoring is another key area, and we will likely hear more about its role in future security solutions and controls,” Randolph Barr, CISO of Cequence Security, told PYMNTS.