Boots temporarily suspended payments using loyalty points earned through its Advantage card system after attackers attempted to hack into customer accounts. The street giant confirmed that none of its systems were compromised, but that the attackers had tried to access the accounts using credentials extracted from other platforms. Advantage cardholders won't be able to redeem their points online and in-store until Boots dominates them, though customers can still earn points when they shop. The move comes just days after a similar incident in which Tesco issued new cards to 600,000 members of its Clubcard loyalty programme.
Boot hijacking
The percentage of Boots customers involved would be less than 1% of the total 14.4 million active accounts, or approximately 145,000 people. "We are writing to customers if we believe their account has been affected, and if their Boots Advantage cards have been used fraudulently, we will of course replace them," the company said in a statement. "We would like to assure our clients that this information was not obtained from Boots," the firm said. Chris Miller, UK&I regional manager at RSA Security, predicted earlier this week that the same credentials used to access Tesco Clubcard accounts would also be tested on other sites, and he turned out to be correct. "From an end-user standpoint, it's really important not to use the same password for multiple accounts," he cautioned. "Some sites and apps offer two-factor authentication, which requires a password and, for example, a code issued on a mobile phone... can provide an extra level of security. Boots advised customers to reset their passwords online and select a unique password that is not used for other accounts.Via BBC