Image copyright

Boots has suspended payments the use of loyalty issues in stores and on-line after makes an attempt to damage into shoppers’ accounts the use of stolen passwords.

Customers will be unable to make use of Boots Advantage Card issues to pay for merchandise whilst the problem is handled.

Boots stated none of its personal techniques had been compromised, however attackers had attempted to get admission to accounts the use of re-used passwords from different websites.

It comes days after a identical factor hit 600,000 Tesco Clubcard holders.

A spokeswoman for Boots informed the BBC the problem affected not up to 1% of the corporate’s 14.four million lively Advantage Cards – fewer than 150,000 other people.

But it would now not give a precise quantity as the corporate used to be nonetheless coping with the issue.

No bank card knowledge were accessed, they stated.

Suspending payments the use of issues got rid of the chance of hackers stealing the issues to spend themselves, the spokeswoman stated.

Customers can nonetheless earn issues when making purchases, and Boots hopes to have level payments again up once imaginable.

Image copyright

“We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them,” the corporate stated in a observation.

“We would like to reassure our customers that these details were not obtained from Boots,” it added.

The Boots Advantage card shall we consumers accumulate 4 issues for each and every £1 spent, and each and every level is value a penny. For instance, a card with 200 issues might be used to pay for an merchandise value £2.

But the issues will also be used when buying pieces on-line.

Tesco problems caution to 600,000 Clubcard holders How do firms use my praise card information?

So-called “password stuffing” occurs when an attacker makes use of an inventory of compromised usernames and passwords from a prior information breach.

They then attempt to log in to another website online, hoping for a fit.

Because many of us use the similar electronic mail and password mixture for a number of web sites, probably the most mixtures at the compromised listing would possibly paintings.

In Tesco’s case, the grocery store large informed shoppers it believed {that a} compromised listing of usernames and passwords were used to take a look at to realize get admission to to its shoppers’ accounts – and it is going to have labored in some circumstances.

It stated no monetary knowledge used to be accessed, and it had limited get admission to to the accounts to stop fraudulent use.

Jake Moore, cyber-security specialist at web safety company Eset, stated that Boots reminding their shoppers in regards to the chance used to be a smart move – however that password reuse is a “gigantic problem” in cyber-security.

“These lists of passwords can be easily found on the dark web for very little, or even free,” he stated.

“It would be a good idea for people to check they have implemented two factor authentication on each of their accounts as this makes the password stuffing attack that much harder.”

“My further advice is to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all.”

Boots stated shoppers may reset their passwords on-line, and will have to select a singular password now not used on different websites.