Incident: Woolworths Rewards cards ‘hacked’, points stolen | news.com.au

Posted by Steven Kirby | Jul 27, 2017 | Australia, Australian InfoSec Incident, Australian InfoSec Incidents 2017, Hacked, news.com.au, OSWAP Top Ten, Retail | 0 |

Australian Information Security Incident Reported: July 27 2017

Woolworths is investigating reports of Rewards cards being “hacked” and points stolen from customers’ accounts using a major security vulnerability in the Woolworths app.

Currently, the app allows anyone to enter a random card number to see the points balance on the account. The user can then enter the number into a rewards card app like Stocard to generate an image of the barcode, which can be scanned at the Woolworths checkout to claim the discount.

Numerous customers have taken to the OzBargain forum to report points being stolen.

Source: Woolworths Rewards cards ‘hacked’, points stolen

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Audit: Australian Senate Estimates reveal 435 Chinese-made surveillance devices found at defence sites
by Steven Kirby on June 4, 2023
Defence Internal Audit Finding 31 May 2023 Australian Senate questioning reveal 435 Chinese-made surveillance devices found at defence sites Defence …
Steven Kirby on LinkedIn: The Essential Eight Cyber Security Guidelines | Microsoft
by Steven Kirby on June 4, 2023
https://lnkd.in/gZAjz-vm
Nivedita Newar on LinkedIn: Mandatory Cyber Incident Reporting Obligation
by Nivedita Newar on June 4, 2023
Awareness Refresher: If you are a cyber security team member in any role working for any of the 13 critical infrastructure sectors under the SOCI Act…
The Essential Eight Cyber Security Guidelines | Microsoft
by Microsoft on June 4, 2023
The Essential Eight cyber security guidelines for business Malicious cyber activity is increasing in frequency, scale, and sophistication throughout …
Breaking Down the Security of Critical Infrastructure Act
by Wouter Veugelen on June 2, 2023
On 17 February 2023, the Critical Infrastructure Risk Management Program (CIRMP) requirements came into effect. The clock is now ticking for more …
An interview with Gilbert Tobin discussing artificial intelligence in Australia
by Gilbert + Tobin on June 2, 2023
...will apply in respect of any personal information or sensitive information (as defined in the Privacy Act) that is ingested in or used by an AI …
Death and digital assets - Decoding digital assets in estate administration
by Ilana Kacev on June 2, 2023
The ever-evolving digital landscape has changed the concept of what an asset is, beyond that of mere physical possessions to now including numerous …
Regulatory focus on combatting scams and strengthening cyber resilience continues
by Kate Hilder on June 2, 2023
We outline the latest announcements from APRA and ASIC As previously reported, following a record year for consumer scam losses, regulators, have …
Services Australia sharing password-crackers with Dept of Education
by Jeremy Nadel on June 2, 2023
Services Australia has provided smartphone-hacking technology to the Department of Education and other unnamed agencies to assist them in …
Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach
on June 1, 2023
A fortnight after its most recent customer data breach in Japan, Toyota Australia has confirmed the details of almost 3000 local owners were exposed …

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

Featured

Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Featured

Incident: Drug and alcohol tests of graduate paramedics revealed in Ambulance Victoria data breach | The Guardian

Incident: TechnologyOne investigates 'cyber incident' on M365 system | iTnews

Incident: Crown Princess Mary Cancer Centre in Westmead Hospital in cyber attack, hackers threatening to release stolen data | ABC News (Australia)

Incident: Australian law firm HWL Ebsworth hit by Russian-linked Blackcat ransomware attack | The Guardian

Featured

Audit: Australian Senate Estimates reveals 435 Chinese-made surveillance devices found at defence sites

Featured

Audit: Western Australia Auditor General's Local Government Information Security Audit 2021-22 reports 324 control weaknesses

Audit: Western Australia Auditor General's State Government Information Systems Audit 2021-22

Audit: Queensland Audit Office's State Entities 2022 reports deficiencies in information systems

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Featured

Quote: Elijah Shaw "In the battle of real world vs..."

Featured

Quote: Kirsten Manthorne "You are an essential ingredient in our ongoing effort to reduce Security Risk.”

Quote: H. Stanley Judd "The ultimate security is your understanding of reality."

Quote: Gilda Radner "There is no real security except for whatever you ..."

Quote: Germaine Greer "Security is when everything is settled, when nothing ..."

Incident: Woolworths Rewards cards ‘hacked’, points stolen | news.com.au