It has been reported that Boots has suspended payments using loyalty points in shops and online after attempts to break into customers’ accounts using stolen passwords. Customers will not be able to use Boots Advantage Card points to pay for products while the issue is dealt with. Boots said none of its own systems were compromised, but attackers had tried to access accounts using reused passwords from other sites. A spokeswoman for Boots said the issue affected less than 1% of the company’s 14.4 million active Advantage Cards – fewer than 150,000 people. But it could not give an exact number as the company was still dealing with the problem.

Jake Moore, Cybersecurity Specialist, ESET
March 06, 2020
On the dark web, huge lists of leaked passwords are available at very little cost to bad actors, or sometimes even for free.
In cases like this, criminals utilise a technique known as ‘password stuffing’, where simple tools allow them to use passwords that have been stolen in a previous hack or breach to access multiple different accounts. On the dark web, huge lists of leaked passwords are available at very little cost to bad actors, or sometimes even for free. Many consumers repeat the same two or three passwo ....
Robert Prigge, President, Jumio
March 06, 2020
Biometric authentication is significantly more secure, reliable, and delivers a much higher level of assurance.
Over the past 72 hours, Tesco Clubcards and Boots Advantage Cards have had nearly a million personal details compromised and/or stolen by hackers. These hackers have used the credentials and passwords they have stolen from different sites to access these loyalty accounts. But simply reissuing loyalty cards and asking users to change their passwords is not going to prevent the same from happening ....
Nicky Whiting, Head of Consultancy, Bulletproof
March 06, 2020
Separate passwords for each account, long passwords using three random words.
This attack really emphasises the need for users to be far more savvy about their passwords. The hackers simply used existing, known compromised accounts to access the information, knowing full well that a lot of people use the same password for all accounts. Users need to realise that if they want to protect their personal information, they need to take some responsibility and employ password bes ....
Sam Curry, Chief Security Officer, Cybereason
March 06, 2020
Fool me once, shame on you. Fool me twice, shame on me. Fool me ten times, enough is enough!
The Boots breach is yet another reminder of how it's become almost a reflex now for retailers to contact customers saying 'we regret to inform you that due to a breach, your personal data may have been....' The number of identity compromises by this point is huge, and yet life continues. For the consumer, they should be working under the assumption that their personal information has been compromi ....
Boris Cipot, Senior Sales Engineer, Synopsys
March 06, 2020
Most will admit that they are reusing their logins on all these services.
Reused passwords are almost as dangerous as weak passwords. Typically, we are under the impression that the only problem posed by passwords is when they are short and simple, making it easy to guess. This is definitely true and explains why we are often reminded to create ‘strong passwords’ requiring a mix of capital and small-case letters, a length of 10-20 characters as well as the inclusion ....
Barry McMahon, Senior Manager, Identity and Access Management, LastPass
March 06, 2020
Creating a stronger online security posture will only happen with awareness – of the problem and the available tools to solve it.
The reality of cyber security is that most breaches result from human error, and one of the biggest ones is using weak and reused passwords on multiple websites and applications, which enables cyber criminals to gain access to systems that are in no other way linked. Boots customers are finding this out the hard way today as passwords they’ve used across multiple platforms, including their advan ....
