Boots has temporarily suspended payments using loyalty points earned via its Advantage Card scheme after attackers attempted to hijack customer accounts.
The high-street giant confirmed none of its systems were compromised, but that attackers had tried to access accounts using credentials scraped from other platforms.
Advantage Card holders will be barred from redeeming their points both online and in store until Boots has a handle on the situation, though customers can still collect points when making purchases.
- Tesco Clubcard holders warned of major security issue
- Facebook data breach sees millions of user details leaked online
- 30 million payment cards listed on fraud marketplace
The measure comes just days after a similar incident saw Tesco issue new cards to 600,000 members of its Clubcard loyalty scheme.
Boots account hijack
The percentage of Boots customers affected is reportedly less than 1% of the 14.4 million total active accounts - or roughly 145,000 people.
“We are writing to customers if we believe their account has been affected, and if their Boots Advantage Cards have been used fraudulently we will, of course, replace them,” said the company in a statement.
“We would like to reassure our customers that these details were not obtained from Boots,” the firm was careful to add.
Chris Miller, Regional Director UK&I at RSA Security, earlier this week predicted the same credentials used to access Tesco Clubcard accounts would be tried on other sites too - and was proven correct.
“From the end-user’s perspective, it is really important not to use the same password for multiple accounts,” he warned.
“Some sites and apps offer two-stage authentication, asking for both a password and, for example, a code delivered to a mobile phone…[which] can offer an extra degree of security.”
Boots has advised customers to reset their passwords online, and to select a unique password not used for other accounts.
- Keep your precious data safe with the best antivirus services of 2020
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.