PC Plus and Canadian Tire Hacked, Users Urged to Change Passwords
Loblaws is urging its PC Plus rewards members to change their passwords, after the company told CBC News some members had points stolen from their accounts. PC Plus members use their accounts to access the accompanying iOS app to collect and redeem points in-store.
“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communication, told CBC News.
Groh said members with weak passwords reused on multiple sites, fell victim to their PC Plus accounts being accessed. The company would not disclose how many accounts or points were taken, but did say they are working with customers to reinstate any lost points.
Last month, Loblaws emailed customers urging them to update passwords to stronger combinations of both letters, numbers and special characters. The PC Plus website now has an “important security reminder,” warning customers not to use the same username and password combinations across multiple online accounts.
Canadian Tire Suffers Break, Login Now Temporarily Disabled
Global News reported earlier this week Canadian Tire suspended logins on their website for customer accounts, which prevented users from seeing their Canadian Tire Money points balances and more. These same logins are used within the Canadian Tire iOS app.
Canadian Tire communications manager Stephanie Nadalin told Global, “We recently noticed unusual traffic on our website and suspended customer sign-in capabilities while we investigate.”
The company reiterated no credit card information, including history is located on the Canadian Tire website or its loyalty database, which is the only site they have suspended logins, said Susan O’Brien, the company’s vice president of marketing and corporate affairs.
Customers started tweeting out to Canadian Tire on Sunday, demanding an explanation. The company replied to users to DM to let the company investigate further, only to say “we’re experiencing tech difficulties and have temporarily disabled log-ins.”
Canadian Tire did not state any public concern over the shutdown of its login system—until it was contacted by Global News. No timeframe has been given on when customer logins will be enabled again. The company did say there are “systems in place to monitor for unusual online activity to protect the personal information of our customers.”
If you have a PC Plus or Canadian Tire account, time to change your passwords if you’re reusing the same ones from other websites. In this day and age, if you’re not using a password manager like 1Password to generate unique passwords, you’re putting yourself at risk.