Australian Information Security Incident Reported: July 27 2017
Woolworths is investigating reports of Rewards cards being “hacked” and points stolen from customers’ accounts using a major security vulnerability in the Woolworths app.
Currently, the app allows anyone to enter a random card number to see the points balance on the account. The user can then enter the number into a rewards card app like Stocard to generate an image of the barcode, which can be scanned at the Woolworths checkout to claim the discount.
Numerous customers have taken to the OzBargain forum to report points being stolen.