«
»

Loblaws PC Plus Rewards Systems Pwned…. I Need To Change My Password

Groceries are not cheap these days. So my wife and I shop at Loblaw where we can earn points on specific groceries that we by which we can then redeem to buy groceries. There have been times where we have redeemed enough points to not have to pay a cent for weeks worth of groceries. That seems like a good deal. Until I woke up this morning and found that the systems that run PC Plus rewards have been hacked. Here’s the details:

Loblaw is warning PC Plus rewards collectors to beef up their passwords after points were stolen from some members’ accounts.

“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communication, in a statement.

The breach stems from people using favourite or weak username and password combinations across multiple sites, he said.

These combinations were stolen from other sites and used to access PC Plus accounts, according to Groh.

Okay. I will admit that people reusing passwords is a #fail waiting to happen. But this statement does have a bit of a “blame the victim” slant to it as their intrusion detection systems should have been able to detect unusual activity. Assuming that one was in play of course. The way this story reads, it seems like Loblaw found out about this when PC Plus members lost points and told the company. That’s a scenario that should never happen. In the meantime, if you’re a member of PC Points you should change your password to something unique and strong and check your points balance to see if you too have been pwned. I’m advising my wife to do that right now.

UPDATE: I would also strongly recommend that you check to see if there are additional cards on your PC Points account. Reports are now starting to surface that people who have lost points have found additional cards on their accounts. Clearly this is how the points are being stolen.

UPDATE #2: This apparently has been an ongoing issue for Loblaw. Many thanks to “Lisa” who directed me towards this thread on Red Flag Deals that indicates that this hack started late last year. Clearly Loblaw has some explaining to do as they really should have been up front with the public long before now.

This entry was posted on February 9, 2017 at 8:45 am and is filed under Commentary with tags , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

13 Responses to “Loblaws PC Plus Rewards Systems Pwned…. I Need To Change My Password”

  1. Canadian Tire Website Pwned By Hackers | The IT Nerd Says:
    February 9, 2017 at 8:54 am

    […] is a bad day for Canadian retailers. Apparently Canadian Tire joins Loblaw in being pwned by hackers as the former has apparently shut down customer access to their online […]

    Reply
  2. Lisa Says:
    February 9, 2017 at 1:34 pm

    Plus, it would also be helpful if PC allowed you to have a password that was more than 8 characters.

    This isn’t a new thing. It has been reported on redflagdeals as far back as December that this has been happening. PC claimed it had been happening to others as well, but denied at that time they had been hacked.

    This was back in December. Seems they should have done something then to lock people out of their accounts until they changed their passwords!

    Reply
  3. Loblaw Resets The Passwords Of ALL PC Points Users For Security Reasons | The IT Nerd Says:
    February 21, 2017 at 10:57 am

    […] seems that the hack of the Loblaw PC Points rewards program isn’t going away as every member of the rewards program have gotten e-mails over the weekend […]

    Reply
  4. Cineplex Asking Users To Change Their Passwords…. Why? | The IT Nerd Says:
    February 24, 2017 at 3:24 pm

    […] is watching other Canadian companies like Loblaw and Canadian Tire get pwned by hackers and is simply getting ahead of the curve in terms of trying […]

    Reply
  5. Petro Canada Suggests That Users Change Their Passwords | The IT Nerd Says:
    February 26, 2017 at 8:58 pm

    […] that this still has a “blame the user” feel to it. But having said that clearly the Loblaw and Canadian Tire hacks has Canadian businesses […]

    Reply
  6. PC Plus App Update Forces You To Delete And Re-Add Membership Cards | The IT Nerd Says:
    March 10, 2017 at 12:23 pm

    […] off a incident where a security issue led to points being stolen, though it’s apparently the users fault for having weak passwords, Loblaw has pushed out […]

    Reply
  7. PC Optimum Issues Continue With The Mass Theft Of Points | The IT Nerd Says:
    March 22, 2018 at 2:57 pm

    […] in place”, there’s clearly an issue. And it isn’t the first time as Loblaws has been pwned before. I’m going to go out on a limb and suggest that Loblaws needs to give whatever “strong […]

    Reply
  8. PC Optimum Clearly Has A Serious Security Issue…. And There May Be Not Much That You Can Do About It | The IT Nerd Says:
    March 23, 2018 at 8:45 am

    […] that people were having millions of PC Optimum points stolen from their accounts, which as I noted has happened before and is the latest issue with the rewards program run by Loblaws which has been plagued by problems […]

    Reply
  9. #Fail: PC Optimum Members Pwned AGAIN…. Loblaws Blames Password Bug | The IT Nerd Says:
    April 15, 2018 at 10:40 pm

    […] If this wasn’t so serious, it would almost be comical. I say that because it seems that PC Optimum members have had their points stolen again according to CBC News. Keep in mind that the predecessor to this program has had issues in the past. […]

    Reply
  10. Stop Me If You’ve Heard This Before…. Members Of Loblaws PC Optimum Rewards Program Pwned AGAIN | The IT Nerd Says:
    April 22, 2018 at 6:54 pm

    […] in mind that this system has been pwned multiple times both in its PC Optimum incarnation and its PC Points incarnation. Which means that the system is nearly not secure, which is something I said a few weeks […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading