I remember in previous years WW had a big ongoing problem of rewards accounts being used by unsavoury members of society, which I see now the fix is to lock your rewards dollars. I was stung twice.
My partner just checked her receipt history and there is a transaction on the 1st of July using her $10 in another city, but also interestingly her extra 10%.
Is this the new target for these people… Trying to find accounts with 10% off? Anyone else encounter this?
everyone uses the term "hacking" so flippantly.
most run of the mill scams (meaning it hasn't been done against a large company - for example medibank, optus, etc), the owner of the account has given away their access because of their sloppy cyber habits or naivety / gullibility
Time to start blaming the individuals in these cases
Yeah sorry, using the term hack loosely.
But when I got done twice, there is definitely zero chance that I let my ww barcode get released. And in this case, same with my partner. There must be some other way people are gaining access to member numbers.
That's how it happens. Somebody clicks on a plausible looking link, maybe in an ad or maybe in an email, is asked to enter their member number to verify their account, triggers a 404 error and assumes the website is current down, then completely forgets that anything ever happened.
Spoofers never pop up a flashing scull and crossbones telling you that you've been pwned, more often than not the whole experience is completely forgettable.
The internet and the media is full of people claiming that they would never do such a thing, even where faced with direct evidence that they actually did.
Even internet savvy people get spoofed all the time. The scams play into the parts of people's brains where we have got into the habit of processing administrivia without thinking, because we do that kind of thing dozens of times a day and there is only so much room in people's brains.
Woolworths Rewards was never hacked.
All that happened is that scammers were starting to get more sophisticated about tricking users into giving up their account details.
The problem Woolworths had is that their systems are not set up like a bank, so they don't have security measures in place such as two factor authentication to prevent unauthorised access, or to pick up when accounts are being used in an inauthentic manner like flagging a transaction outside of someone's normal state.
This is most likely what has happened in OP's case as well.
Woolworths does actually have some security measures, just not as strict as a bank.
2FA codes are sent by SMS or email when you login or change certain settings.
If you redeem Rewards dollars far outside your usual area, they won't block it, but they will send an email to check.
In the scheme of things it's pretty trivial. But sounds like your wife has been phished and needs to order a new card/account.
Perhaps it was her boyfriend
How dare you! She gave me permission to use it!
His name is kickled.
I am usually very good with phishing and scams. One time I had my Woolworths reward dollars + 10% used/"stolen" in another state and I got cranky and raised it up with Woolworths reward. They were willing to cop the loss and give me another set of reward dollars. I swear it was an issue on their end and they got hacked, especially how the timing of earning the rewards dollars earned and being "stolen". After calming down I realised my Woolworths rewards was the same as my old Shop back password and email before it got "hacked", and the hackers likely used it to get in, realized there's rewards dollars (there's probably automated bots working that out), and just use the barcode easily available after logging into Woolworths Rewards. Unlike Flybuys, there's no 2FA or requirement of a physical card with pin required to claim your dollars.
You will need a new rewards account or a new barcode + change your password, otherwise it will happen again.
Now this is an intelligent reply, unlike some previous posts.
This has happened to my missus twice! (and we have AV up the wazoo and never click on links etc….we had not been spoofed, wormed or trojaned and no lotharios or mistresses on the scene…I think?).
Apparently someone(s), on both occasions (6 months apart), used her rewards card at different locations and not within cooee of where we shop.
Because the card was supposedly, physically used - she asked them to check CCTV footage to I/D the culprit, but nocando!
Both occasions card had to be changed and money refunded, so no loss except time invested.
It is DEFINITELY a security weakness within their system, or was, as this happened 18 months ago and has not recurred to either of us in the interim.
I checked the internet at the time and it had happened to many poor saps like us in exactly the same manner!
Well either your family member used it or someone else copied your bar code/number. I wouldn't call it hacking.