Users of the President’s Choice plus program are being urged to change their passwords after some found their point stolen. (Flickr User: lam_chihang)
By: Victoria Sheba
Loblaws is urging Presidents Choice Plus members to change their passwords.
Members who were trying to access their points and credit card data, instead had a pop up message saying “temporarily unavailable.”
Loblaws says points were stolen from the accounts of PC Plus members.
“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communication, in a statement.
Anil Somayaji, a Carleton University expert in internet security said this is understandable why Loblaws wants members to change their passwords.
“Weak passwords make this worse, and when you reuse the same password across websites, it becomes very easy to break through the rest,” said Somayaji.
Laura Chiofalo, an early childhood education graduate at Humber has been a PC Plus member for over two years.
She said she was angry to learn that she lost points because her account had been hacked.
“This has affected me because I worked hard to get those points and getting them back will cost lots of money and time,” said Chiofalo.
Chiofalo has changed her password for her account and is waiting to hear from Loblaws whether she can recollect her lost points.
Loblaws is unable to disclose how many accounts lost points as the company is continuing to work with any members whose points were taken to reinstate them.
Groh told CP24 Thursday that Loblaws IT security team is monitoring unusual activity and investigating any possibility of underlying IT vulnerabilities.
In situations like this, it has to do with the security of the web servers. On Loblaws side, they have to have a computer holding all this information.
“When you have a computer with information it can potentially be broken into and the information is stolen,” said Somayaji.
“The only way to get away from this, is to get away from passwords.”
Loblaws points out that their company isn’t the only one hacked in recent years.
In 2012, a LinkedIn security breach 6.5 million passwords were stolen and in 2013 over one billion Yahoo users were hacked.