Woolies rewards cards have been hacked
Woolies is investigating reports that the company’s Rewards cards have been hacked due to a vulnerability in the Woolworths app, leaving customers furious.
Customers have taken to the OzBargain forum to report points had been stolen, and many were also worried personal details had been compromised.
The vulnerability relates to an app functionality that allows anyone to enter a random card number and find a card’s point balance. This person can then enter the number into a rewards card app to generate an image of the barcode, which can then be scanned at a Woolies checkout to claim the discount.
OzBargain user jjj123 said, “Applied [for] the card last month with 5000 points bonus, I received the card today, login, and found the points were used in [another] state two weeks ago. Someone shopped the points in The Ponds and Kingsgrove in NSW. Anyone same situation with me? Who can access the card number before me? The envelope received today sealed in a unopened condition.”
Ricoguy added: “My card had $20 redeemed at Kingsgrove as well. I know you need a password to redeem Flybuys money at Coles but apparently you just need to scan the card to redeem your money at Woolworths which is quite a big loophole.”
A Woolworths spokesman said the supermarket was “monitoring customer feedback”. “Although our investigation shows there is no issue with the functionality and security of the app, we are reviewing how the app experience can be better improved to provide further assurances for customers,” he said.
Have you ever fallen victim to this kind of scam?
Image credit: Twitter / BetterWealth