Boots Taken Advantage Of

It has been reported that the retailer Boots has been hit by a cyber attack.

It’s only the third month of the year and it feels like cyber attacks have been making daily headline news. Or are we starting to become more aware and reporting them more effectively? Who knows.

Cyber criminals attempted to hack into customer’s Boots accounts using stolen passwords. Then using ‘password stuffing’ attempting to use passwords that users regularly re-use, the criminals were hoping to fraudulently obtain the advantage points and spend them as they see fit. As a result of this activity, Boots have suspended the ability to pay with Advantage card points online.

The news of this attack came days after a similar attack took place on Tesco’s Clubcard points which affected 600,000 customers.

A spokeswoman for Boots told the BBC the issue affected less than 1% of the company’s 14.4 million active Advantage card users – less than 150,000 customers. She also revealed that no credit card information was obtained by the criminals.

By suspending payments using points, Boots have prevented the hackers from spending the points on themselves.

A statement released by the retailer, read:

“We are writing to customers if we believe that their account has been affected, and if their Boots Advantage card points have been used fraudulently we will, of course, replace them.”

Most websites we use now require passwords, and as such password reuse has become a huge problem. However, it has made life slightly easier for cyber criminals, who can use one password to access multiple sites.

Jake Moore, a cyber security specialist at Eset, said:

“These lists of passwords can be found easily on the dark web for very little or even free.

“It would be a good idea for people to check they have implemented two factor authentication on each of their accounts as this makes the password stuffing attack that much harder.

“My further advice would be to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all.”

Who do you think will be next on the hacker’s hit list?