Boots Advantage Card payments suspended after hijack attempts

(Image credit: Shutterstock / Maddie Red)

Boots has temporarily suspended payments using loyalty points earned via its Advantage Card scheme after attackers attempted to hijack customer accounts.

The high-street giant confirmed none of its systems were compromised, but that attackers had tried to access accounts using credentials scraped from other platforms.

Advantage Card holders will be barred from redeeming their points both online and in store until Boots has a handle on the situation, though customers can still collect points when making purchases.

The measure comes just days after a similar incident saw Tesco issue new cards to 600,000 members of its Clubcard loyalty scheme.

Boots account hijack

The percentage of Boots customers affected is reportedly less than 1% of the 14.4 million total active accounts - or roughly 145,000 people.

“We are writing to customers if we believe their account has been affected, and if their Boots Advantage Cards have been used fraudulently we will, of course, replace them,” said the company in a statement.

“We would like to reassure our customers that these details were not obtained from Boots,” the firm was careful to add.

Chris Miller, Regional Director UK&I at RSA Security, earlier this week predicted the same credentials used to access Tesco Clubcard accounts would be tried on other sites too - and was proven correct.

“From the end-user’s perspective, it is really important not to use the same password for multiple accounts,” he warned.

“Some sites and apps offer two-stage authentication, asking for both a password and, for example, a code delivered to a mobile phone…[which] can offer an extra degree of security.”

Boots has advised customers to reset their passwords online, and to select a unique password not used for other accounts.

Via BBC

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow