BOOTS has suspended Advantage Card payments after scammers tried to hack into customers' accounts using details stolen from other sites.
It means customers won't be able to pay for products using their points while the issue is dealt with.
The suspension comes after Boots spotted "unusual" activity on Advantage Card accounts with the aim of accessing and spending the points.
Boots told The Sun the issue affected less than 1 per cent of the company's 14.4million active Advantage Card users – 144,000 people.
It insisted that no credit card information had been accessed, and said hackers tried to access accounts using details stolen from other sites.
Boots is currently writing to affected customers, and said it'll replace any points that have been used by fraudsters.
Customers can still earn points when making purchases, but Boots couldn't confirm when shoppers will be able to spend their points again.
The Boots Advantage Card scheme lets shoppers collect four points for every £1 spent, and each point is worth 1p.
For example, a card with 200 points could be used to pay for an item worth £2 both in-store or online.
Boots said in a statement: "Our customers' safety and security online is very important to us.
"We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts.
"These attempts can be successful if people use the same email and password details on multiple accounts.
"We would like to reassure our customers that these details were not obtained from Boots.
"As an extra precaution we have temporarily stopped payment by Boots Advantage Card points on boots.com or in store."
So-called "password stuffing" happens when crooks access a list of stolen usernames or email addresses and passwords from a previous data breach.
They then try to log in to a different website, hoping to get a match.
To avoid problems, it's worth having different passwords for different websites.
The news comes just a few days after Tesco blocked 620,000 Clubcard accounts as scammers tried to steal points.
The supermarket said that a database of stolen usernames and passwords from other platforms had been tried out on its site.
At the end of last year, Morrisons shoppers were "fuming" after having hundreds of pounds worth points stolen from their More loyalty accounts.
Source: Read Full Article