Boots has temporarily suspended payments using loyalty points earned via its Advantage Card scheme after attackers attempted to hijack customer accounts.
The high-street giant confirmed none of its systems were compromised, but that attackers had tried to access accounts using credentials scraped from other platforms.
Advantage Card holders will be barred from redeeming their points both online and in store until Boots has a handle on the situation, though customers can still collect points when making purchases.
- Tesco Clubcard holders warned of major security issue
- Facebook data breach sees millions of user details leaked online
- 30 million payment cards listed on fraud marketplace
The measure comes just days after a similar incident saw Tesco issue new cards to 600,000 members of its Clubcard loyalty scheme.
Boots account hijack
The percentage of Boots customers affected is reportedly less than 1% of the 14.4 million total active accounts - or roughly 145,000 people.
“We are writing to customers if we believe their account has been affected, and if their Boots Advantage Cards have been used fraudulently we will, of course, replace them,” said the company in a statement.
“We would like to reassure our customers that these details were not obtained from Boots,” the firm was careful to add.
Chris Miller, Regional Director UK&I at RSA Security, earlier this week predicted the same credentials used to access Tesco Clubcard accounts would be tried on other sites too - and was proven correct.
“From the end-user’s perspective, it is really important not to use the same password for multiple accounts,” he warned.
“Some sites and apps offer two-stage authentication, asking for both a password and, for example, a code delivered to a mobile phone…[which] can offer an extra degree of security.”
Boots has advised customers to reset their passwords online, and to select a unique password not used for other accounts.
- Keep your precious data safe with the best antivirus services of 2020