https://www.bbc.co.uk/news/technology-51742079
Tesco and Boots have been hit by similar data breaches which affect customers on their loyalty card schemes. As a result, Tesco announced that new cards will be issued to 600,000 of its Clubcard members, and Boots have temporarily stopped allowing payments using Advantage Card points after around 150,000 customer accounts were hacked. Both retailers have assured customers no financial data was compromised but have advised affected customers to change their passwords as a precaution.
In both these incidents, neither of the company’s own systems were breached but rather cyber criminals used a technique called ‘password-stuffing’. Using databases of previously stolen usernames and passwords, attackers attempt to use this information to access other websites. This is often successful since many people reuse the same email and password combinations. To avoid this, it is recommended that people use strong and unique passwords across different accounts, using a password manager to store them if necessary, and to implement two-factor authentication.