Customer loyalty programs are great – for providers and customers. In return for regular shopping, members receive various discounts and perks. At the same time, the shop gains all kinds of valuable data about your buying habits which they can use for targeted marketing purposes. Depending on the scheme they may also be able to re-sell some of that information to third parties.
More than 750,000 shoppers compromised
Early this month Tesco was forced to close the Clubcard accounts of more than 620,000 customers. According to Tesco, criminals had managed to obtain a hacked database from another website which contained thousands of email addresses and passwords.
The hackers then tested these login details against the Tesco Clubcard website to see if they could compromise the system. It is unclear whether they were successful, but the hacking attempt was detected, so Tesco decided to suspend the affected accounts.
A week later, the Boots Advantage scheme was attacked using the exact same technique. Around 150,000 accounts were targeted. Boots did not reveal whether the accounts were breached, but they were all suspended just in case.
Hackers love loyalty schemes
But wherever you find personal data, you’ll also find cybercriminals. Hackers may not necessarily be interested in the brand of toilet paper you buy, but other details like your phone number, email address and password are quite valuable.
Working on the principle that people regularly re-use passwords, hackers know that stealing one insecure database will open many others. It may be that in this instance, hackers were testing the stolen login details against Boots and Tesco just to confirm they worked.
People who reuse passwords for their loyalty scheme quite possibly do the same for more sensitive systems – like their online bank account. They can then steal money, apply for credit or commit identity theft. The fall-out would be significant.
OK. For now.
Fortunately this does not seem to have happened. Yet. However each of the 750,000 people are being advised to change their passwords as soon as possible. It is important that they change not only their Clubcard and Advantage Card passwords, but any others that reuse the same details.
This latest hack shows just how dangerous it is to reuse passwords. You might not be too worried if hackers break into one of your unimportant website accounts – but if that leads to your bank account being breached, you are suddenly facing a major problem.
You can make the process of choosing – and remembering – unique passwords much easier. Check out our extensive guide How To Protect Your Password for some useful tips.
In the meantime, if you are one of the affected Boots / Tesco customers, follow the official advice and change your password as soon as possible. If you don’t you won’t be able to claim your membership rewards!