PC Plus users urged to change pass­words

Points stolen in se­cu­rity breach; Cana­dian Tire freezes lo­gins af­ter tip

The Hamilton Spectator - - BUSINESS - ALEKSANDRA SAGAN

TORONTO — Loblaw is warn­ing PC Plus re­wards col­lec­tors to beef up their pass­words af­ter points were stolen from some mem­bers’ ac­counts.

“We are treat­ing this as a breach as in­di­vid­ual mem­ber ac­counts were ac­cessed and points were stolen,” Kevin Groh, the com­pany’s vice-pres­i­dent of cor­po­rate af­fairs and com­mu­ni­ca­tion, said in a state­ment.

Mean­while, Global News re­ported that Cana­dian Tire shut down cus­tomer ac­cess to on­line ac­counts this week in the in­ter­est of pro­tect­ing their per­sonal in­for­ma­tion.

“We re­cently no­ticed un­usual traf­fic on our web­site and sus­pended cus­tomer sign-in ca­pa­bil­i­ties while we in­ves­ti­gate,” com­mu­ni­ca­tions man­ager Stephanie Nadalin told Global, which said it had been alerted to the prob­lem by an un­named cus­tomer.

Those try­ing to get ac­cess to their points and credit card in­for­ma­tion on their com­put­ers in­stead saw a mes­sage say­ing that the sign-in op­tion was “tem­po­rar­ily un­avail­able” and the com­pany was work­ing on the prob­lem.

Groh said the Loblaw breach stems from peo­ple us­ing favourite or weak user­name and pass­word com­bi­na­tions across mul­ti­ple sites. Th­ese com­bi­na­tions were stolen from other sites and used to get ac­cess to PC Plus ac­counts, ac­cord­ing to Groh.

In an email to PC Plus mem­bers sent late last month, Loblaw pointed to sites like Ya­hoo and LinkedIn, which were both hacked in re­cent years.

Last year, LinkedIn said a 2012 se­cu­rity breach com­pro­mised more than 100 mil­lion user pass­words. It was pre­vi­ously be­lieved only 6.5 mil­lion pass­words were im­pli­cated.

Also last year, Ya­hoo said the per­sonal in­for­ma­tion of more than one bil­lion of its users was stolen dur­ing a 2013 breach.

Loblaw said the com­pany is un­able to dis­close how many ac­counts lost points as it is con­tin­u­ing to work with any mem­bers whose points were taken, to re­in­state them.

The com­pany emailed all PC Plus mem­bers late last month, urg­ing them to up­date their pass­words. It asked mem­bers to cre­ate unique pass­words that are a com­bi­na­tion of let­ters, num­bers and char­ac­ters, and to change them fre­quently.

Loblaw also no­ti­fied law en­force­ment, Groh said.

Groh said Loblaw’s IT se­cu­rity team is mon­i­tor­ing un­usual ac­tiv­ity and is in­ves­ti­gat­ing any pos­si­bil­ity of un­der­ly­ing IT vul­ner­a­bil­i­ties.

CANA­DIAN PRESS FILE PHOTO

Loblaw told PC Plus points col­lec­tors to cre­ate unique pass­words.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.