Nando's customers say they've been left hundreds of pounds out of pocket after falling victim to a cyber-attack.

Fans of the popular restaurant chain say their accounts - including usernames and passwords - have been compromised and used to place incredibly high orders.

Single mum-of-three Sandy Warden said her daughter, Mia, lost £114.50 after her account was accessed by criminals.

The 18-year-old from Hertfordshire said she used her bank details a week before to place an order online via a QR code in her local branch.

Mia was at home on September 21 when she received an email from Nando’s claiming she'd placed an order.

"It said she'd placed a huge order at the Kensington High Street branch," Sandy told Mirror Money.


The first order amounted to £53.75

"She immediately checked her bank and £53.75 had been taken.

"Immediately, she received another email detailing a second transaction for another huge order - this time amounting to £60.75.

"This was also taken from her bank account so she quickly stopped her card.

"We eventually found the telephone number for the Kensington High Street branch and after a while managed to talk to the manager who confirmed that there were a group of young people who'd placed the same orders in store.

"They said they'd had numerous attempts blocked while trying to purchase further orders.

"They’d just left the branch with all the food from the original two orders. He said he had CCTV and we had to contact head office to obtain a refund."

Mia's bank details were not stored on her Nando's account

Sandy - who has also reported the incident to Action Fraud - said that her daughter's bank details were not registered on her Nando's account.

"The worrying thing is that her bank and card details were not stored anywhere, not on the Nando's app or her online account! She had never been to the Kensington High Street branch," she said.

"The last time she’d been at any Nando's was the week before in Hemel Hempstead, our nearest branch, where she'd ordered via their QR code online and had to physically enter her card details.

"Her card is not stored on her account and also they had changed the mobile number on the account, presumably so they could receive the orders they’d placed.

Nando's was unable to explain how the hackers accessed Mia's bank details

"We quite quickly received a refund after complaining on Twitter, however we're yet to receive any explanation as to how the attack happened."

In another case, a customer said she lost £670, while nursing student Ragan Burrows, 21, from Sheffield, lost £133.

The hackers used her account to feast on 15 extra hot wings, a chicken butterfly, half a chicken plus two garlic breads and chips, washed down with soft drinks.

"They must have been a group of friends or feeding a family — they bought loads," Ragan told The Sun.

"I don’t know how people can go through life stealing from others like this. It's horrible."

Ragan Burrows, 21, also lost £133 (Image: Ragan Burrows)


Covid-19 measures mean Nando's customers must scan a QR code with their phone and order online.

The crooks are thought to have used a technique called credential stuffing, in which stolen login data available online is used to get into the victims’ other accounts.

Nando’s apologised and said it would refund anyone out of pocket.

"Protecting our customers' information is incredibly important to us.

"We can confirm that while our systems have not been hacked, unfortunately some individual Nando's customer accounts have been accessed by a party or parties using a technique called 'credential-stuffing', whereby the customer's email address and password have been stolen from somewhere else and, if they use the same details with us, used to access their Nando’s accounts.

"We take immediate action to refund anyone who has been impacted and secure those affected Nando’s accounts.

"We have made and are continuing to make investments to improve our detection and prevention of suspicious and malicious activity. We apologise to our customers who have been impacted by this."