WW Reward Points Stolen/Hacked - Happening Again Like Last Year

Just a heads up to watch out for this happening again, just in time for Xmas :

https://www.ozbargain.com.au/node/320519

I am going to call WW tomorrow. Someone in another State used my $30 rewards credit on Saturday.

I assume it's barcode "try your luck" fraud happening again.

Related Stores

Everyday Rewards
Everyday Rewards

Comments

  • Sorry to hear that. I assume you save $30 for Xmas. A true savvy person always redeems $10 off once it hits 2k pts (especially you know such issue happened before).

    $30 is much safer to stay in your saving/offset account and generates/offset a tiny interest.

    • I didnt realise you could save it, mine just takes it off my next shop automatically.

    • Yeah I would have spent it by now, but I earned $30 (6500 points) in one go from a 4 week spend promo. And I didn't spend it immediately because I did our shop at Coles to get that promo achieved.

  • I read about this last year, seems like a lot of work for little payoff,

    cant imagine too many people having that much woolowrths rewards stocked up

    • I don't normally, but I imagine some ppl would have been saving credits for Xmas

  • There's been quite a few comments about this on their Facebook page in the last week as well - looks like quite a few people have been hit.

  • I'm on the phone now and lots of people are in the same situation.

    Check your accounts!

  • I can't even login to the site today. In the past people have mentioned some things about it happening to sets of card numbers from the promotions like free $10; and those lists being leaked, but what if this is a cybersecurity issue; as in an exploit taking place on the site.

    I would wonder if there were any test spends on your account in the prior weeks. If there aren't any, then it looks more like some exploit taking place. Rather than some lucky bugger deciding to use and print out your barcode. How would they know exactly to target your card? Likewise, do any of us that haven't been affected see random points from shops we never did.

    It is well known that some people have set their cards to only allow the points to be redeemable at Christmas. Why this affects it, is it probably allows someone crawl with a higher level of accuracy. But I guess most people wouldn't be using the feature so it would be very hard to scrape for the data even if an exploit existed; so I'm leaning towards more of somehow the database inside their site is storing this and has somehow been breached. There would have to be one because it needs to activate these WW points at a certain date.

    I guess they need to implement a pin feature ASAP, you don't need to add a swipe bar to the card as it could be implemented like the coles e-gift cards where you scan and then punch your pin in. (No new cards need to be issued as a cost saving/environmental measure)

    Just some thoughts. Luckily I only have around 1800 points. With some promos coming soon as they do this time of the year, I might also be hit eventually. I think it needs more fixing than what has already been done. I looked at the other threads on the issue and it looks like they did things but didn't implement all the recommendations, especially from the community. Guess someone is getting demoted or losing their job…

    • I'm on the phone now, and they suspect that they are using a 3rd party barcode app (e.g. Stocard) which allows an option to extract and show points balance data.

      • Yeah, that sounds plausible. Wait, I thought they fixed that though…

        • I would have thought so, but it's apparent that it didn't get fixed.

          I'd say that they have chosen a good time to spend their time trying out barcodes. If you had to choose any time it would be right after "points X spend" promos have ended i.e. when the jackpot is at it's maximum. Your chances would be higher and reward larger too.

      • Stocard cant get number of reward points on your card

  • Happened to me last year, can't be bothered now and just automatically transfer it to qantas points instead.

    They never did refund me my $10 lol

  • Merged from PSA Woolworths Rewards Dollars Being Targeted Again

    Unfortunately this has happened to me last week. Someone has scanned my WW card in another city and used up the WW dollars I had earned.

    Happened to a few people last year and year before.

    Just wanted to make people aware and to check your WW rewards account just in case. Customer service issued me with another member card and reinstated the dollars.

    On a positive note, the thieves earned me 2x 4c fuel vouchers…

    • +1

      How did your card get scanned elsewhere? Did you lose it? Are they just generating random cards and using them? Was there a breach at Woolies that leaked card numbers etc?

      • Probably a similar method as two years ago that WW have not fixed… Data scraping. Could be systematic number generation but that would be very cumbersome.

        I did not lose my card. I hardly shop at WW unless there is a big promo.

        Anyone can scan any barcode they want at WW. Just create it using any barcode App eg Stocard and away you go.

    • On a positive note, the thieves earned me 2x 4c fuel vouchers…

      Post as a bargain

    • i know this is a bit old, but this just happened to me last week. I just got the $20 off next shop on Monday, went in today and no $ was deducted and the cashier said i had nothing in there. Got home and checked, and on the same day AND the same location I got the $20 off, it was used. I even have the receipt so its not like they can skim the last 4 card numbers. So annoyed as I bought a whole bunch of stuff to make the spend. Ive had this card for years, and only used this last week so nfi how they got the number, must have been someone after me in the self checkouts..

      • Can't believe they haven't implemented a PIN requirement like flybuys or any other payment type system.

        Hopefully WW customer service will help you.

Login or Join to leave a comment