IE 11 is not supported. For an optimal experience visit our site on another browser.

Chipotle customers say their accounts are being hacked. Here's what you need to know

The burrito chain fell victim to a malware attack at stores nationwide just two years ago.
Image: Chipotle To Close Restaurants For Few Hours For Food Safety Meeting
Dozens of customers are complaining that their Chipotle accounts have been hacked.Andrew Renneisen / Getty Images
/ Source: TODAY

Some of Chipotle’s most loyal customers are complaining that they've fallen victim to hungry hackers over the past few weeks, according to a slew of social media posts directed at the chain's official Twitter account.

Burrito fans have taken to Twitter to alert the chain that they've been seeing possible fraudulent activity in their accounts. Some people have even reported strange charges of up to $500 in online orders ... which is a lot of guac.

According to threads on both Reddit and Twitter, the alleged hackers gained access to Chipotle customer accounts and, using stored credit card information, illegally obtained free food orders. The alleged breach of accounts began weeks ago and, since that time, more than 30 people have complained of false charges or unknown orders online.

While Chipotle's official Twitter account has been responding directly to complaints online, a rep for the Mexican Grill chain told TODAY Food that, "We have no indication of any breach of Chipotle’s databases or systems." Customers who purchased in-store orders or those who do not have Chipotle accounts are not at risk.

In March, Chipotle launched a revamped rewards program to attract more customers with new perks. For example, food fans who order via the Chipotle app or the chain’s website can now earn points toward a free entrée and other flavorful freebies.

Chipotle said that the alleged hacking incidents are unrelated to the recent rewards rollout.

“The privacy and security of our customer information is very important to us," the company rep said in an emailed statement. “We are among the many retail, hotel and restaurant companies affected by credential stuffing, in which combinations of user names and passwords are accessed by third parties and used on websites of different companies to see if they can gain access.”

In 2017, Chipotle did fall victim to a malware issue through which hackers stole customer information at stores nationwide.

The restaurant chain said it will continue to field complaints and assess any possible security threats in the coming weeks. Customers who are concerned about their own accounts may contact the chain directly at