Reward points stolen
Fury over Woolies ‘hack’
WOOLWORTHS has ramped up security around its Everyday Rewards program as a growing number of customers complain of having their points stolen and spent.
Furious members of the scheme have bombarded the supermarket chain and social media with reports of fraudulent transactions on their accounts – some of them targeted several times, to the tune of hundreds of dollars.
“Someone just stole my rewards credit to pay for their groceries,” one woman wrote on a Facebook group with 280,000 members.
“I got the notification on the app that I had a new receipt and had used my $30 credit.
“I live in Sydney and the transaction was made in Brisbane. I tried to contact Woolworths with no luck, apparently they are receiving a huge number of calls.”
Another wrote: “I have had this happen four times in the last few months. Woolworths are great when you get through on the phone but I got sick of having to do it.”
A fellow shopper added: “This happened to me last year, I eventually got my credit back but unsure how it’s happening so often.”
Woolworths denies its program has been formally hacked – or that there is a widespread problem – but has more than 100 cyber-security staff “constantly monitoring for potential threats”.
It confirmed it was “assisting a small number of members” who had fallen victim to unauthorised access.
“We have been assisting some members who appear to have been the victim of unauthorised access to their Everyday Rewards accounts,” a Woolworths Everyday Rewards spokesperson said on Thursday.
“And in the cases reported to us, accounts have been accessed using valid login or account details.
“This indicates fraudsters have likely obtained these members’ login credentials and account details from online scams or other sources.”
To combat the theft, Woolworths has introduced a number of security measures to its Everyday Rewards program, including two-factor authentication on the website.
Customers are being urged to change their passwords.
As an additional safety measure, members who have chosen to “Bank For Christmas” will need to use the Everyday Rewards app in order to release funds prior to December 1.
Security Awareness Advocate at KnowBe4, Jacqueline Jayne, said we were seeing “next level data being breached and stolen”.
“With the latest release of the personal health information we have seen (through the Medibank hack), we are at another level that has the potential to cause immense personal stress to individuals, which is new for us all to manage,” Ms Jayne said.