We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Morrison More Breach - It's all the customer's fault!
Simon_Cox
Posts: 9 Forumite
I know that this has come up before, but there has been massive theft of Morrison More Points in the last couple of months on the lead up to the Christmas Period.
Personally, I had £30 stolen from my account, but some people are finding that anything up to £200 has been stolen from their account. Please see the Facebook group "Morrisons Missing Points" - currently over 300 affected members and growing.
Generally, points are claimed and spent in stores 100 miles or more from where customers live and shop.
Morrison's response to this has been appalling. Generally, when contacted, they promise a same day call back. Many have waited days and never received any callback.In fact, I have yet to hear anyone say that Morrison's have ever called back - this is how seriously they take this.
When the customer presses them for some kind of response, a generic copy and pasted email is sent out that basically says - It's not our fault, it's yours. They deny any breach and blame their customers for using the same password on multiple sites. They also seem to be relying on haveibeenpwned.com - That is their "evidence" that their customers have caused the breach.
The really funny thing about this is that if you run any of Morrison's email addresses through the site, you'll find that so have they!!
haveibeenpwned.com proves you were involved at some point in a breach with that named company. The details that were held by them is what was breached - so in my case, one email address and one password. It doesn't mean that all my details on everything I have ever done on the internet have been compromised - Morrison's fail to grasp this fact!
In my own particular case, I used a unique Google generated complex password for my account, so the suggestion by Morrison that it's my fault is ridiculous. Many others have also used unique passwords.
The points theft has been going on since 2018, but has ramped up considerably in the last couple of months.
Since 2018 they have done nothing to beef up their very weak site security.
*Minimum requirement for password is still 5 characters. All lower case is fine. I tested this by creating a test account with the password "idiot" - all fine by Morrison's.
*The More app - stays logged in even after you have changed your password. Updates a new card with a scannable bar-code in app. This is how I believe the thieves are cashing in the points. Scanning the bar-code at the till to collect the printed vouchers. So, I think it goes without saying that a thief will also still be logged into the app after a change of card or password. He will never be challenged to enter new credentials - he can carry on thieving without any fear of a challenge from Morrison's.
Furthermore, Morrison's know through their app where the theft has taken place, but refuse to analyse any CCTV footage. In fact, with one customer, the thieves were caught red handed in store - but still Morrison's refused to refund that customer on the basis that it was still her fault!!!
I think that the lack of customer service and their continuing negligence are frankly breathtaking.
At this moment in time - Morrison's are refusing point blank to refund anyone affected by this large scale theft.
When I demanded to speak to a Manager on the phone, when he had finally finished speaking all over me rather than listening to my complaint, he told me that Morrison's had originally been refunding customers, but had to stop once the refunds hit 7 figures - this gives some idea of the size of this - but still Morrison's arrogantly refuse to do anything about it.
I think that the huge numbers of people affected and the enormous geographical area that the thefts have taken place over, prove that it isn't just a few "Lucky Hackers" - this is organised crime, but Morrison's are behaving as if nothing has happened.
They continue to sit fat & happy and blame the loyal customers that pay their wages.
Personally, I had £30 stolen from my account, but some people are finding that anything up to £200 has been stolen from their account. Please see the Facebook group "Morrisons Missing Points" - currently over 300 affected members and growing.
Generally, points are claimed and spent in stores 100 miles or more from where customers live and shop.
Morrison's response to this has been appalling. Generally, when contacted, they promise a same day call back. Many have waited days and never received any callback.In fact, I have yet to hear anyone say that Morrison's have ever called back - this is how seriously they take this.
When the customer presses them for some kind of response, a generic copy and pasted email is sent out that basically says - It's not our fault, it's yours. They deny any breach and blame their customers for using the same password on multiple sites. They also seem to be relying on haveibeenpwned.com - That is their "evidence" that their customers have caused the breach.
The really funny thing about this is that if you run any of Morrison's email addresses through the site, you'll find that so have they!!
haveibeenpwned.com proves you were involved at some point in a breach with that named company. The details that were held by them is what was breached - so in my case, one email address and one password. It doesn't mean that all my details on everything I have ever done on the internet have been compromised - Morrison's fail to grasp this fact!
In my own particular case, I used a unique Google generated complex password for my account, so the suggestion by Morrison that it's my fault is ridiculous. Many others have also used unique passwords.
The points theft has been going on since 2018, but has ramped up considerably in the last couple of months.
Since 2018 they have done nothing to beef up their very weak site security.
*Minimum requirement for password is still 5 characters. All lower case is fine. I tested this by creating a test account with the password "idiot" - all fine by Morrison's.
*The More app - stays logged in even after you have changed your password. Updates a new card with a scannable bar-code in app. This is how I believe the thieves are cashing in the points. Scanning the bar-code at the till to collect the printed vouchers. So, I think it goes without saying that a thief will also still be logged into the app after a change of card or password. He will never be challenged to enter new credentials - he can carry on thieving without any fear of a challenge from Morrison's.
Furthermore, Morrison's know through their app where the theft has taken place, but refuse to analyse any CCTV footage. In fact, with one customer, the thieves were caught red handed in store - but still Morrison's refused to refund that customer on the basis that it was still her fault!!!
I think that the lack of customer service and their continuing negligence are frankly breathtaking.
At this moment in time - Morrison's are refusing point blank to refund anyone affected by this large scale theft.
When I demanded to speak to a Manager on the phone, when he had finally finished speaking all over me rather than listening to my complaint, he told me that Morrison's had originally been refunding customers, but had to stop once the refunds hit 7 figures - this gives some idea of the size of this - but still Morrison's arrogantly refuse to do anything about it.
I think that the huge numbers of people affected and the enormous geographical area that the thefts have taken place over, prove that it isn't just a few "Lucky Hackers" - this is organised crime, but Morrison's are behaving as if nothing has happened.
They continue to sit fat & happy and blame the loyal customers that pay their wages.
0
Comments
-
I received the same email address, the email did say about changing passwords but the breach wasn't at Morrisons but BA.0
-
Yep, the same as I received. I can almost imagine a scenario where my card could be cloned at the till by a rouge staff member, but they'd have to get into my account to release the vouchers...
Admittedly it's too soon to say for sure what's happened. But if it helps someone else I wanted to get the info out there.
I don't believe that I have a BA account, only flew on them twice, years ago and booked via an agent.0 -
A couple of years back I used Morrisons store and got their points and spent them, then accumulated some more points (a few thousand) however didn't go back to the store for some months - when I went back it transpired as I hadn't been using the card for a fair while they deleted the card I used and removed all the points!
I was not impressed. That is also theft on their part, especially as they never even wrote to me or emailed me before they did this.0 -
however didn't go back to the store for some months - when I went back it transpired as I hadn't been using the card for a fair while they deleted the card I used and removed all the points!
Was it > 12 months? If so this is permitted by the terms of the scheme. See 1.16. Could any email they sent you have been caught by a spam filter?
https://my.morrisons.com/more/terms-and-conditions.html0 -
OP - do you have the account details on your iPhone? Could be that's where the weakest link is. Or, at home are you on a wifi - could that be picked up elsewhere?
Tesco had a similar problem some years back, perhaps morrisons should talk to them!!I used to work for Tesco - now retired - speciality Clubcard0 -
Same thing has happened to me, 50,000 points went missing and I contacted Morrisons More who contacted me by email the next day saying, sorry am error has occurred and that they had replaced the missing points. I didn’t feel that they were safe though and had intended taking them out next visit but my husband who is very ill was taken into hospital before I could. My next visit to the store the cashier handed me 2 x £5 tokens I asked why the tokens as I usually save them until Christmas and she said I only had 3,000 points left out of 63,000. I have once more contacted Morrisons More but apart from getting an email today with a ref number I don’t know what’s happening as of yet.0
-
I just keep a pile of vouchers - Tesco & Morrisons, and use when about to expire. Probably got between 10 - 15 Morrisons ones. On Thursday had another invite to spend £40.00 on a shop UTI Sunday to get 4,000 points.
I've got to make sure I don't lose my Nectar card - about £72.00 on it.I used to work for Tesco - now retired - speciality Clubcard0 -
Same thing has happened to me, 50,000 points went missing and I contacted Morrisons More who contacted me by email the next day saying, sorry am error has occurred and that they had replaced the missing points. I didn’t feel that they were safe though and had intended taking them out next visit but my husband who is very ill was taken into hospital before I could. My next visit to the store the cashier handed me 2 x £5 tokens I asked why the tokens as I usually save them until Christmas and she said I only had 3,000 points left out of 63,000. I have once more contacted Morrisons More but apart from getting an email today with a ref number I don’t know what’s happening as of yet.
Why Morrisons More, thars the name of the card, you contacted Morrisons.0 -
This same thing happened to me, I noticed my balance had gone down on Friday so I called them and they refunded the points I called them again today as I had a email saying to change my password 3 times so I called them today to see if it was them sending the email. She confirmed it was one of her colleges and then said that my cars was used in a London store on the 7th Nov to receive the vouchers then went to another store brought Something for £17 and paid for with £15 of my vouchers. All the while I'm back here in bristol nearly 100 miles away from London. Well I changed my password using the link sent by her college and checking my preferences still set to save my points. Well I've just checked my app and my points have been printed off again!! Yes I'm sit sat on my sofa and the helpline is closed to speak to anybody. I can't understand how they have been printed off as my settings are still set to save them!! :mad::mad:1
-
This same thing happened to me, I noticed my balance had gone down on Friday so I called them and they refunded the points I called them again today as I had a email saying to change my password 3 times so I called them today to see if it was them sending the email. She confirmed it was one of her colleges and then said that my cars was used in a London store on the 7th Nov to receive the vouchers then went to another store brought Something for £17 and paid for with £15 of my vouchers. All the while I'm back here in bristol nearly 100 miles away from London. Well I changed my password using the link sent by her college and checking my preferences still set to save my points. Well I've just checked my app and my points have been printed off again!! Yes I'm sit sat on my sofa and the helpline is closed to speak to anybody. I can't understand how they have been printed off as my settings are still set to save them!! :mad::mad:
Id be concerned how they are managing to print the vouchers off.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.6K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards