Nectar account hacked

A quick warning for people to check the Nectar card accounts if they have one.

I received a new card yesterday which I wasn't expecting ending in a new account number, when I tried to log into my account last night with my original card number it wouldn't let me so I tried to use the new number and on going through the change password process I noticed there was a different, unknown email address that the new password details would be sent to. I also then remembered that I got, what I originally thought was a spam email from Nectar about a change of email address over a week ago.

Thumbs up to Nectar for sorting it without any hassle though. Rang them first thing this morning and it turns out someone had managed to hack my account, change the email address then spend all my points on some ebay purchases. Nectar has now created a new account for me, added all my points back and credited a further 2,000 for the inconvenience.

Comments

  • Takmon
    Takmon Posts: 1,738 Forumite
    1,000 Posts Second Anniversary Name Dropper
    neilmcl wrote: »
    A quick warning for people to check the Nectar card accounts if they have one.

    I received a new card yesterday which I wasn't expecting ending in a new account number, when I tried to log into my account last night with my original card number it wouldn't let me so I tried to use the new number and on going through the change password process I noticed there was a different, unknown email address that the new password details would be sent to. I also then remembered that I got, what I originally thought was a spam email from Nectar about a change of email address over a week ago.

    Thumbs up to Nectar for sorting it without any hassle though. Rang them first thing this morning and it turns out someone had managed to hack my account, change the email address then spend all my points on some ebay purchases. Nectar has now created a new account for me, added all my points back and credited a further 2,000 for the inconvenience.

    If their is a vulnerability in the Nectar card system that allows a hacker to gain access to anyone's account then this would be bigger news and thousands of people would be effected.

    What's most likely happened is that you have given out your password on a phishing site or some other way. They have then used this password to access your account like normal and change the details.
    So your next steps should be to change all your passwords making sure you use a different one for each site just in case. Also enable Two-Factor Authentication on any accounts that offer it if you haven't already.
  • neilmcl
    neilmcl Posts: 19,460 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Takmon wrote: »
    If their is a vulnerability in the Nectar card system that allows a hacker to gain access to anyone's account then this would be bigger news and thousands of people would be effected.

    What's most likely happened is that you have given out your password on a phishing site or some other way. They have then used this password to access your account like normal and change the details.
    So your next steps should be to change all your passwords making sure you use a different one for each site just in case. Also enable Two-Factor Authentication on any accounts that offer it if you haven't already.
    I'm not so sure. I'm very careful with my password management and the sites I go to. Also, I've not actually logged in to my Nectar account for months and you also require the account card no. to log in. Another thing that doesn't make sense is why bother changing the email address and getting a new card, yes that stops me getting access back but it also alerted me to the potential takeover.

    I got the impression from the customer service guy that this isn't that rare.
  • Rather than being rash, check here


    https://haveibeenpwned.com/
  • forgotmyname
    forgotmyname Posts: 32,852 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Found a few cases where people lost their nectar points, we had a few hundred £'s in points. Seemed a bit risky so we started using them.

    Never seem to get any worthwhile deals like we used to with the Tesco points.
    Censorship Reigns Supreme in Troll City...

  • Noticed today on my receipt that £50+ points were missing.

    Checked Nectar app and someone had used them on eBay.

    Contacted customer services and my card had been hacked. Someone else had used it on their eBay. They asked if I knew him!?

    As only my husband and I are on the nectar card, I’m unsure of how someone else was able to use it.

    They are sorting it for me though and have issued 2000 points in compensation.

  • Contacted customer services and my card had been hacked. Someone else had used it on their eBay. They asked if I knew him!?

    As the offender in most of these incidents is fairly close to home, it's natural they would ask that.
  • omendata
    omendata Posts: 102 Forumite
    Part of the Furniture 10 Posts Name Dropper Combo Breaker
    No the hack is quite simple to do anyone can do it if you know how - it relies on a problem with the nectar phone app!

    Until Nectar fix the login on the phone app anyone can hack your account and clone your card!
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.8K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.7K Work, Benefits & Business
  • 619.5K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.