Boots has suspended payments using loyalty points in shops and online after a cyber attack that attempted to break into customers accounts using stolen passwords.
Boots said none of its own systems were compromised, but attackers had tried to access some accounts using reused passwords from other sites. This has come a few days after a similar issue hit 600,000 Tesco Clubcard holders.
This attack is known as “password stuffing” and it happens when an attacker uses a list of compromised usernames and passwords from a previous data breach, and in this case they have tried to use them on the Boots Advantage Card scheme.
Boots have said that no financial information was accessed, and it had restricted access to the accounts to prevent fraudulent use.
They have also said customers could reset their passwords online, and should choose a unique password that is not used on other sites.