Boots stops customers making purchases with loyalty cards after hackers attack accounts
- Hacker used stolen passwords to attempt to break into Advantage Card account
- This type of cyber attack can be successful is people reuse the same passwords
- High street chemist said none of its systems were compromised in the attack
- The hack affected 140,000 of company’s 14.4million Advantage Card holders
Boots has halted purchases using points built up on its loyalty card after a cyber attack on its customer database.
Hackers used passwords that had been taken from other websites in an attempt to break into Advantage Card accounts and steal customers’ points to spend themselves.
This type of cyber attack can be successful if people use the same password on multiple websites.
The high street chemist said none of its systems was compromised in the attack but that it had suspended payments using the cards while the problem was dealt with.
Boots has halted purchases using points built up on its loyalty card after a cyber attack on its customer database (stock image)
The hack affected around 140,000 of the company’s 14.4million Advantage Card holders, and Boots stressed that no credit card information had been accessed.
Boots said: ‘We are writing to customers if we believe their account has been affected.
‘If their Advantage Card points have been used fraudulently we will, of course, replace them. These details were not obtained from Boots.’
Boots launched its Advantage Card in 1997. It allows shoppers to collect four points for every £1 they spend. Each point is worth a penny. The firm said any points will remain on shoppers’ cards and they can continue to earn more to spend in the future.
The security breach comes days after a similar cyber attack – known as ‘password stuffing’ – affected 600,000 Tesco Clubcard holders, in which some had their vouchers stolen. The supermarket said that customers’ financial data remained safe.
Hackers used passwords that had been taken from other websites in an attempt to break into Advantage Card accounts and steal customers’ points to spend themselves (stock image)
Jake Moore, a cyber-security expert, told the BBC: ‘These lists of passwords can be easily found on the dark web for very little, or even free.
‘It would be a good idea for people to check they have implemented two-factor authentication on each of their accounts, as this makes the password stuffing attack that much harder.
‘My further advice is to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all.’
Advantage Card holders can visit its website to reset their password. The firm added: ‘To help protect online accounts, we recommend using different passwords for each site used.’
The high street stalwart has suffered from increasing competition from supermarkets and online rivals in recent years.
Its parent company, Walgreens Boots Alliance, has been forced to cut £1.4billion a year in costs by 2022 by closing stores and laying off staff.
Boots has already announced it will close 200 stores as sales and profits fall.