Cyber Incident Victim: Zola

Date: May 2022

Location: United States of America

Summary

A wedding planning platform experienced a blocked security breach attempt targeting user funds, impacting a small fraction of registered couples. The company confirmed no financial losses occurred, with credit card and bank information remaining protected and cash funds held in segregated accounts. All user passwords were proactively reset as a precaution despite minimal confirmed compromise. Internal and external security teams enhanced existing measures—including two-factor authentication, account lockouts, and suspicious IP monitoring—while addressing unauthorized transactions. Fraudulent cash transfers were intercepted, and affected accounts received refunds and corrective actions without exposing guest payment data. Normal operations resumed following password resets, with direct outreach limited to impacted users.

Description

On or around May 1, 2022, Zola, Inc. experienced a security incident involving an attempted breach targeting customer accounts and funds. The attackers sought to gain unauthorized access to accounts, with a specific focus on cash funds, but were blocked by Zola’s security systems. The company confirmed that less than 0.1% of registered couples were impacted by the incident. No cash losses occurred due to protective measures segregating cash funds in separate accounts, and no credit card or bank information was exposed. Zola responded by resetting all user passwords preemptively, regardless of whether suspicious activity was detected on individual accounts, citing an abundance of caution. Affected users received direct communication from Zola’s team, while the broader user base was instructed to reset passwords via a provided link and adopt stronger, unique credentials. The company emphasized that normal site functionality—including registry purchases, RSVP management, and wedding website interactions—remained safe for all users after password resets.

Zola’s incident response leveraged existing security protocols, including two-factor authentication (2FA), account lockouts after excessive login attempts, and IP address monitoring systems, which were enhanced following the breach attempt. The company’s internal Trust & Safety team collaborated with an external security firm to investigate impacted accounts and implement corrective measures. All fraudulent cash transfer attempts were blocked, and Zola committed to refunding 100% of fraudulent orders by the end of May 1, 2022. The investigation confirmed that unauthorized actions on user accounts would be reversed. Zola reiterated that guest credit card data was never stored on its systems, and financial information remained protected throughout the incident. The company assured users that 99.9% of accounts were unaffected and that all outstanding issues related to the breach would be resolved. Post-incident communications emphasized restored platform security and encouraged resumed activity without operational disruptions.
