Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked

Supermarket giant Woolworths has reiterated its claim that there have been no security breaches surrounding user data in its Everyday Rewards loyalty program, stressing scammers are the likely culprits behind a growing number of complaints of hackers accessing accounts.

Speaking with Yahoo News Australia, a spokesperson for Everyday Rewards said he believes fraudsters are accessing valid login or account details from online scams and other sources.

This comes amid complaints by members of a Facebook group who claim their accounts were hacked and points stolen.


Everyday complaints

A member of the 41,000-strong Facebook group Woolworths Rewards Enthusiasts told Yahoo News that the group has been receiving "a large rate of constant posts" from customers complaining about the issue.

Admins of the Facebook group have been inundated with so many posts, they were forced to pin a mega thread for stolen points.

"Due to the increased influx of stolen points posts (daily occurrence it seems!) we will not be allowing anymore to be posted, this is your mega thread for stolen points," one of the admins wrote. The post also includes a screengrab of a Woolies statement, in which the retailer says it is investigating reports of a hack.

"If you have been affected, contact EDR (Everyday Rewards) immediately," the admin added.

Woolies denies allegations

Some members of the group have been relating their frustrations over reaching out to the Rewards team, with many venting about being on the phone for nearly an hour to resolve their points issue and being told that they are experiencing this because their own emails had been hacked.

Other members related hacking attempts on their accounts after receiving verification codes without making a request, while some members hypothesised about the possibility of this being an inside job.

The Woolworths spokesperson, however, denied these allegations.

"We have found no evidence to suggest that this is the case and no evidence to suggest our IT systems have been breached or compromised in any way. This indicates fraudsters have likely obtained these members' login credentials and account details from online scams or other sources," the spokesperson said.


Robust security system

Some members of the group had also shared their frustrations over how no one was doing anything about the situation, particularly Woolies. When asked, the Woolworths spokesperson assured that the company does have a robust security system in place.

"We continue to enhance our security measures to protect our members' accounts. Unfortunately, like many other businesses, we do hear of our members being targeted by scammers from time to time," the spokesperson said, and added that Woolies also encourages members to keep their accounts secure with strong passwords, and to be wary of scams and phishing.

Woolworths rival Coles also has its share of woes with compromised loyalty accounts, with similar complaints from its own members in a separate Facebook group.

While phishing and hacking aren't anything new, consumers and businesses need to constantly keep their guard up against cyber-criminals.

Advice to keep accounts safe

The Woolworths spokesperson also gave a few tips to keep hackers at bay, which involve changing your Everyday Rewards password if you've used it for another account and making sure passwords are unique for all online accounts.

The spokesperson also advised members to update their passwords to stronger phrases that include numbers and special characters like ILOVE2ReadB00ks! and 2beornot2B?, and to take a closer look at who is contacting them.

He adds that members should be suspicious of calls, SMS or emails that don't seem genuine, stating Everyday Rewards will never ask for login details via phone or SMS.

Finally, he advised members to make sure to log out of their accounts and lock devices as soon as they're finished using them.
