PC Plus Points, check your online account!

[kuhltiffany]

Ok, the PC Plus chatter on the AM thread inspired me to look closer at my account, as the weekly emails and offers I usually got had stopped. Also, before Christmas I thought I had some points to redeem, but since it was so hectic, brushed it off when I went to the store. But since the emails had stopped and thinking about this too last week, I thought I'd do some more research. It has turned into a HUGE mystery now!

If you have the app, (it's all I use, I've never had a hard copy of my card), a new account number is created each time the app is updated. So if you go the website and look under your cards, you will see many, as well as the "names" of what they are attached to (often a phone name). I looked at mine and there are lots (at least 15!). Some are from Click & Collect, PC Financial, my husband, etc., but all are linked to my primary account. What was really odd, was that 2 had odd digits and were not related to the rest, no names or links to where they came from. I couldn't see when they were added or how, nor what type they were. One of them had redeemed 50,000 points from my account Dec. 23!!! I saw this on the weekend and changed all of the cards to "earn only" until I could phone today…

So once I got through today I got more of the story. I'm NOT the only one. Someone has figured out how to hack accounts, they are assuming it's through website somehow. That's why there are new security measures (the not a robot thing) and an advisory to change your password. They advised me to delete those 2 new accounts. They were both app accounts, one added Dec. 23, one added last week. They've locked my account for now until they add it to the team for further investigation, apparently there are quite a few showing up

So, if you have a PC Plus account, you may want to look at your past transactions, check and see if anyone has added new accounts onto yours, and change your online password!

 

[ilovetotravel1977]

Funny you should post this, as all my previous transactions are gone from my app. My points are there, but no transactions.

 

[ilovetotravel1977]

And it looks like I have two accounts as well. One is called Heat's iPhone and the other just Heather. The one with my name is the card number that I use on the app...this is weird.

 

[mort1331]

Glad i havent downloaded the app. Need to check when i am home my account. But each week my points are going up the way they should so I dont think so. Hoping its just the app. I just use my MC card.

 

[mort1331]

Thanks for the heads up though. Good for all to check

 

[kuhltiffany]

It's not just the app, the hackers are gaining access to accounts through the PC Plus website

 

[mort1331]

Thats not good.
Just checked mine, no issues so far. 90% of my points come via my MC and they are loaded same day. I only check the transactions every couple of months. But I do look at my receipt everytime and would notice if my total had gone down.
Good luck all.

 

[mshanson3121]

Thanks for the heads up!

 

[xlxo]

Once I have at least 20,000.... I cash out on my next purchase over $20. No point in having large point balances.

Large balances are an invitation for these potential hackers.

 

[ilovetotravel1977]

I'm letting mine accumulate this time...I want to cash out for $100 Mastercard / VISA gift cards to use towards travel

 

[Pumpkin1172]

Soooo a little off topic...but can we use the PC points for purchasing visa gifts cards??? That would be such a bonus and help me get closer to getting us another trip or Orlando

 

[Silvermist999]

Soooo a little off topic...but can we use the PC points for purchasing visa gifts cards??? That would be such a bonus and help me get closer to getting us another trip or Orlando

Yes, you can redeem your points for any of the gift cards they sell. You do still have to pay the $5.95 activation fee on the visa and mastercard gift cards though.

 

[kuhltiffany]

The stolen points were put back in my account today. I'm impressed by how quick PC has been with taking care of all this! Hopefully it won't happen to anyone else

 

[xlxo]

The question is...

• HOW was the points stolen?
• What private information was lost?
• Will everyone need to change their passwords?

I haven't heard anything public on the news... are they taking the problem seriously?

 

[Rory CB]

The question is...

• HOW was the points stolen?
• What private information was lost?
• Will everyone need to change their passwords?

I haven't heard anything public on the news... are they taking the problem seriously?

I haven't seen anything in the news either, but reading between the lines on the security email they sent out and having a decent knowledge of Internet based OpSec -https://en.wikipedia.org/wiki/Operations_security.

Overall nothing lost through someone hacking directly into their system

If your email/password was in another sites breach (https://haveibeenpwned.com/ is a good place to check, not affiliated with it at all) and you used it on PC Plus website, it would appear someone had been running a bot that input the leaked username and passwords against the PC Plus login (and noting the ones that worked). I am assuming this is why they added the 'not a robot' check box, slows down a bot like this - I am sure they put in other pieces to throttle access.

If yours was re-used, and they got in, then they would have everything on your file (address, credit card numbers, etc), though who knows if they collected any of it. Once they have your login confirmed they can use the app the redeem your points in store.

Password change - if it wasn't unique, change it (this is true for any leak), if it is unique you should be ok. It is also a good time to note that you should have a unique password for every site, for this exact reason. Password managers make this a snap.

I am not affiliated with PC Plus at all, so this could all be incorrect, take it with a grain of salt. Well, except for unique passwords, password managers, and checking if you are in Have I Been Pwned - those hold true regardless.
Rory

 

[suziespice]

I save up for the $200 visa or mastercard gift cards

 

[bcwife76]

Thanks for the heads up! I hate the app, it's always been buggy for me so I uninstalled it. Just went to the pc plus website and changed my password. Checked my points and recent transactions and I *think* everything looks ok.

 

[kuhltiffany]

Make sure you check under your cards and see if there are any that were added recently or you don't recognize. The hackers add supplemental cards to your account and them use them to redeem points

 

[ilovetotravel1977]

Make sure you check under your cards and see if there are any that were added recently or you don't recognize. The hackers add supplemental cards to your account and them use them to redeem points

Just checked my account and I have two other accounts! And when I look under my transactions, I have some made one card, and some made on another? I'm on hold now with PC Plus to find out what's going on.

 

[ilovetotravel1977]

They just told me I have three accounts because I downloaded the app three separate times. Makes sense.