Worst. Reward. Ever. – Why you should change your online loyalty rewards passwords ASAP!
Most of us are savvy about protecting our credit and debit cards and online banking accounts. But what about all those rewards cards we use? While banks and users alike focus on credit cards and online banking security, cybercriminals are looking for easy pickings — and that could mean that your favorite loyalty cards are at risk.
Recent Rewards and Loyalty Hacks
Earlier this year, Toys ‘R Us informed members of its Rewards ‘R Us program about an unauthorized attempt to access Rewards ‘R Us accounts. The company speculated that large security breaches at other companies could be to blame. For example, when users use the same login name and/or password across multiple sites, it makes it easy for hackers to steal data at one source and use that information to gain entry into other accounts.
Late last year, Hilton HHonors members woke up to find that their loyalty accounts had been cleaned out by hackers. Cybercriminals stole and redeemed members’ points. In one case reported by Kreb Security, they also used the credit card on file with the rewards program to buy more points. In addition to profiting from their crimes, these loyalty rewards thieves also gained access to users’ login names and passwords. Just as Rewards ‘R Us members were likely victims of an earlier breach, this breach could lead to other breaches as the cybercriminals put this information to use on other sites.
Another incident late last year involved the theft of loyalty miles from members participating in American Airlines’ and United Airlines’ loyalty programs. Again, these breaches appear to be the work of hackers who used username and password combinations gleaned from other sites.
What’s at Stake?
While you may not be overly concerned about securing your local grocery, drug, or pet store rewards card — after all, the rewards are minuscule and not likely to be of value to crooks, you should be. While some cybercriminals will steal your rewards, what they’re really after are your credentials. Once they know your preferred username and password, they can start using those credentials on other sites such as online banking. Security is easy to bypass when you have a good username and password.
Securing Your Loyalty Accounts
One of the best ways to address this problem is to use a unique username and password combination on all of your online accounts, including your loyalty and rewards accounts. Unfortunately, it’s hard to keep track of all of these credentials. That’s why most people use their pets’ names, birth dates, and easy-to-remember-but-easy-to-guess passwords like 12345.
With cybercriminals targeting online loyalty accounts, it’s crucial to change your loyalty account passwords ASAP. Take online banking security even further by using a password manager.
April 8, 2015 / By: Celeste