American fast food chain Chick-fil-A has confirmed that customers’ accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information.