  • FIRST POST
    • Itbw4
    • By Itbw4 11th Sep 18, 6:05 PM
    • 2Posts
    • 2Thanks
    Itbw4
    Morrisons More Points Theft
    • #1
    • 11th Sep 18, 6:05 PM
    Morrisons More Points Theft 11th Sep 18 at 6:05 PM
    First time posting so apologies if I break any protocols...

    This is mainly a warning to any users of the Morrisons More scheme.

    The background is that I'm a frequent shopper and as such accumulate a fair few points. Instead of receiving the £5 voucher as soon as I hit the 5000 points I have my preferences set to save the vouchers until I request them. I do this as a way of taking care of the big Christmas shop.

    Anyway I visited my usual store and noticed my points balance had dropped from 30k+ to roughly 400. I have been in touch with Morrisons and they advise me that the option to release the vouchers was actioned on 06/09/18 on my online account. The same day the vouchers were successfully printed using 'my card' in a store 80 miles from my home address (a store and town I've never been to!) to top things off the vouchers were cashed in later that same day.

    Firstly I know that I didn't action the vouchers, nor did I visit the store in question. I've received mixed responses from Morrisons. First being non belief and the second being belief but with a hint of doubt.

    Secondly I still have the physical card, it's usually scanned rather than swiped so any scammer could easily duplicate it at a self scan terminal. I can also prove that I wasn't at the store and have told Morrisons to check their CCTV!

    They're currently investigating how it happened, but I'm without £30 worth of vouchers and with a potentially compromised card, let alone my personal details from their site. Coincidentally they sent me an email today encouraging me to change my password due to recent security breaches!

    If you use the scheme in the same way that I do please check your points balance and/or change your account password!
Page 3
    • Cefca
    • By Cefca 5th Jul 19, 9:51 AM
    • 51 Posts
    • 259 Thanks
    Cefca
    An update for those who have had money stolen from their More card. Morrison's are claiming our accounts were hacked so nothing to do with them. As proof they send a link "have i been pwned" and when you put your e mail in it tells you you have been pwned then this site encourages you to buy a secure password. Oh no you think I have been hacked. The only trouble is put in any e mail address (I tried 10 of my friends) and it tells me all of them have been pwned. I got suspicious so put in Morrison's customer service e mail and guess what they have been pwned. Obviously a site trying to sell their stuff. My question to Morrison's: Do you believe this site is legit? If so then you have been hacked. If you don't then why are you using it to blame customers rather than taking responsibility? We will see what the Courts think? Get out of that one
    Originally posted by Gary9960

    It is a legitimate site.
    • Gary9960
    • By Gary9960 5th Jul 19, 6:38 PM
    • 8 Posts
    • 1 Thanks
    Gary9960
    It is a legitimate site.
    Well then Morrisons customer service e mail, has been hacked
    • no1catman
    • By no1catman 8th Jul 19, 10:42 AM
    • 2,888 Posts
    • 2,147 Thanks
    no1catman
    21st May 2019 I had £30 of more points stolen. My vouchers were spent in Ft.William which is round trip of over 1000 miles from where I live. I only had the app for a short while, as I didn't like it much. I also had Tesco's clubcard app which at the time had same email & passw
    Originally posted by Joolsem
    Why would you have the same password for both?

    Tesco several years ago went through a period of problems over Voucher Fraud - so it's no wonder that they are safer, Clubcard have more safeguards built into the system to prevent unauthorised use. Whereas Morrisons may believe that the 'password' is enough.

    You could go to Action Fraud.
    I used to work for Tesco - now retired - speciality Clubcard
    • davea1_1
    • By davea1_1 23rd Jul 19, 4:26 PM
    • 7 Posts
    • 0 Thanks
    davea1_1
    Points Theft
    I have this situation and luckily it's only £5 or £10 that has been taken. Conflicting information given by customer services, told one had been used online to then be told it had been used in a store 40+ miles away.
    They won't budge on refunding citing the data breach website as the fact someone has used my login credentials.
    I've now exercised my right under GDPR to make a data subject access request (DSAR) where they have to provide all the information that they hold on me within 1 calendar month so I would suggest anyone with the same problem does the same.

    I await a response but in the meantime they've lost another customer (again). Kicking myself as had already converted to Aldi but fell for a recent 'bonus points' offer....
    • Cookiekel83
    • By Cookiekel83 28th Jul 19, 12:19 PM
    • 1 Posts
    • 0 Thanks
    Cookiekel83
    Well I’ve now been a victim of Morrison’s more card theft as well I went on today to redeem some vouchers as needed to do shopping. I knew I had at least £160 saved up for when I needed them. When I logged in I was missing around 150,000 points!!! So I called them and they advised me that I redeemed £150 in June?? I told them it wasn’t me and that I hadn’t done this he then went on to tell me my email had been hacked and there was nothing they would do! Now I know this isn’t the case as I have my email setup and frequently change the password plus I have alerts setup if it’s hacked!! So someone in my opinion has hacked them got my details! My bank details are saved on my shopping account and this hasn’t been affected at all!! He told me he couldn’t tell me where they were used. I have raised this with action fraud but it seems we are all being informed the same thing £150 is a lot of money and I won’t rest until they sort this! Needless to say I will not be continuing to shop with them!
    • greenchoc11
    • By greenchoc11 1st Aug 19, 2:11 PM
    • 2 Posts
    • 1 Thanks
    greenchoc11
    £15 stolen from me. Same rubbish about being hacked, now ignoring my further emails to them. Would encourage everyone to report to watchdog, if enough do they might report the story
    • davea1_1
    • By davea1_1 5th Aug 19, 6:43 AM
    • 7 Posts
    • 0 Thanks
    davea1_1
    Yep, I reported to Watchdog, too. I'm also considering going to the local paper (T&A) which is the same local paper that covers their Head Office.
    How can we believe what they are saying? I'm sure it wasn't too long ago that an employee was found guilty of leaking personal details.
    • no1catman
    • By no1catman 5th Aug 19, 9:34 AM
    • 2,888 Posts
    • 2,147 Thanks
    no1catman
    Surely the first priority is Action fraud!? And, how do you know you haven't been 'hacked'? Have you accessed your account at home, or in a public place with other people about?
    I used to work for Tesco - now retired - speciality Clubcard
    • Browntoa
    • By Browntoa 5th Aug 19, 9:55 AM
    • 35,630 Posts
    • 41,779 Thanks
    Browntoa
    Pwned site is genuine , it means your email address is on openly available hacked lists .

    Can be from either

    Web site database hacked ( no proof of Morrisons being hacked )

    User stupidity , click on link in scam email to "reset password"

    User stupidity , allowed malware to be installed on pc or device by clicking on email link or pop up saying "update required" etc.

    I have one of my email address on that pwned site from a forum hack ( not this one ) but my main email address does not.

    Morrisons do have a point
    I'm the Board Guide of the Referrers, Telephones, Pensions, Shop Don't drop, over 50's, Boost your income and Discount Code boards which means I volunteer to help get your forum questions answered and keep the forum running smoothly. However, please remember, board guides don't read every post. If you spot an inappropriate or illegal post please report it to forumteam@moneysavingexpert.com Any views are mine and not the official line of MoneySavingExpert.
    • davea1_1
    • By davea1_1 5th Aug 19, 11:48 AM
    • 7 Posts
    • 0 Thanks
    davea1_1
    But I have serious misgivings around their online security.
    1. You change password on the website but the app remains logged in and allows details to be changed, such as changing the voucher preferences, without asking you to sign in again. Presume this is why they tell you to report your card as lost or stolen as someone could still use your card details.
    2. Lack of multi-factor authentication (such as texting you a unique number to enter when logging in) - especially as money is involved.
    3. Website says you can't use a previous password when changing password but accepts it (and confirms it has been changed) as well as allowing you to 'change' it to the same password (again, telling you your password has been changed).
    Anyone with the app on an iPhone can try 1. above and everyone can try 3.
    Secure? I don't think so
    • greenchoc11
    • By greenchoc11 5th Aug 19, 2:36 PM
    • 2 Posts
    • 1 Thanks
    greenchoc11
    In reference to Browntoa, I used a unique password for each of my sites. I do not have malware or fall subject to phishing or anything like that, so I would not put it down to "user stupidity". Their website has serious security flaws such as no OTP, not notifying when a new device has been linked to your account when you change the password then it still leaves the app logged in and also the fact that there is no waiting period like there is in the redemption of clubcard points. There are many ways that someone could have gained access to passwords - internal leak, a hack occurred that they haven't admitted to or detected, someone brute-forced the site and got a working list of passwords to sell on. Morrisons should take responsibility for their low security and refund customers - like banks do. The final email I sent got a reply saying they are looking into making the app more secure with a unique pin on the app - bit too late for all of us though
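The two controls that the posts above by davea1_1 and greenchoc11 say are missing (a password change that signs out every existing session, and a password change that rejects the current or a previous password), sketched as an added example that is not part of the thread and is not Morrisons' code. The `Account` class, its method names, the history depth of 5 and the passwords are all constructed for illustration.

```python
import hashlib, hmac, os, secrets

HISTORY_DEPTH = 5  # assumed policy: the last 5 passwords cannot be reused

def _entry(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _matches(password, entry):
    return hmac.compare_digest(_entry(password, entry[0])[1], entry[1])

class Account:  # hypothetical model, not any retailer's real API
    def __init__(self, password):
        self.history = [_entry(password)]  # (salt, digest) pairs, newest last
        self.epoch = 0                     # bumped on every password change
        self.sessions = {}                 # token -> epoch when it was issued
        self.voucher_pref = "save"

    def login(self, password):
        if not _matches(password, self.history[-1]):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = self.epoch
        return token

    def session_valid(self, token):
        # Tokens issued before the latest password change stop matching.
        return self.sessions.get(token) == self.epoch

    def change_password(self, token, old, new):
        if not (self.session_valid(token) and _matches(old, self.history[-1])):
            return "denied"
        if any(_matches(new, e) for e in self.history[-HISTORY_DEPTH:]):
            return "reused"   # same as the current or a recent password
        self.history.append(_entry(new))
        self.epoch += 1       # web and app sessions must all sign in again
        return "changed"

    def set_voucher_preference(self, token, value):
        if not self.session_valid(token):
            return False
        self.voucher_pref = value
        return True

def demo():  # "web" and "app" are two sessions on the same account
    acct = Account("first-Passw0rd")
    web, app = acct.login("first-Passw0rd"), acct.login("first-Passw0rd")
    same = acct.change_password(web, "first-Passw0rd", "first-Passw0rd")
    changed = acct.change_password(web, "first-Passw0rd", "second-Passw0rd")
    app_ok = acct.set_voucher_preference(app, "release")  # stale app session
    web2 = acct.login("second-Passw0rd")
    back = acct.change_password(web2, "second-Passw0rd", "first-Passw0rd")
    return same, changed, app_ok, back
```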
    • davea1_1
    • By davea1_1 8th Aug 19, 4:08 PM
    • 7 Posts
    • 0 Thanks
    davea1_1
    Please tell me someone has seen today's article in The Telegraph & Argus (Bradford paper local to Morrisons Head Office)? Unfortunately, I can't post a link to it as I'm not allowed due to the rules on here but if you go to thetanda website there's a story of an employee fraud around Morrisons More points. You couldn't make it up!
    • General Grant
    • By General Grant 8th Aug 19, 5:12 PM
    • 1,159 Posts
    • 1,077 Thanks
    General Grant
    Please tell me someone has seen today's article in The Telegraph & Argus (Bradford paper local to Morrisons Head Office)? Unfortunately, I can't post a link to it as I'm not allowed due to the rules on here but if you go to thetanda website there's a story of an employee fraud around Morrisons More points. You couldn't make it up!
    Originally posted by davea1_1

    https://www.thetelegraphandargus.co.uk/news/17824900.morrisons-employee-loaded-millions-points-onto-bogus-loyalty-cards-42-000-fraud/
    • davea1_1
    • By davea1_1 8th Aug 19, 6:27 PM
    • 7 Posts
    • 0 Thanks
    davea1_1
    Thank you!
    • olive1820
    • By olive1820 26th Sep 19, 3:06 AM
    • 186 Posts
    • 182 Thanks
    olive1820
    We had £75 of vouchers used, hundreds of miles away from us in Bolton, we had the what now seems like a standard email saying, our email was pwned, when we had already checked and it wasn't. How can they get away with this, no investigation by them, they could surely check CCTV at the relevant store and see how and what these vouchers were spent on, all presumably without a card, all they do is wash their hands and offer a new card and we are out of pocket.
    • Pamkelly1980
    • By Pamkelly1980 27th Sep 19, 1:38 PM
    • 3 Posts
    • 0 Thanks
    Pamkelly1980
    I've been hacked as well
    Just logged into my account, and I've had £30 vouchers used in a store in Bolton and I live in Glasgow. Phoned Morrisons they said they're looking into it. Advised me to change my password.
    • olive1820
    • By olive1820 27th Sep 19, 4:33 PM
    • 186 Posts
    • 182 Thanks
    olive1820
    You will be blamed
    Hi Pamkelly1980, sorry to hear that, they will not refund ours, they say somebody managed to use the correct password to log into our account, so it is our fault. We are gutted, we saved them for months, we cannot change our password, as somebody has already changed the details and because we don't know what they were changed to we can't update, postcode etc. I suspect you will be fobbed off too, they will say the CEO's office is looking at it and they have decided not to refund them back. Appalling customer service, they really don't care.
    • DCFC79
    • By DCFC79 27th Sep 19, 7:02 PM
    • 35,054 Posts
    • 22,157 Thanks
    DCFC79
    Just logged into my account, and I've had £30 vouchers used in a store in Bolton and I live in Glasgow. Phoned Morrisons they said they're looking into it. Advised me to change my password.
    Originally posted by Pamkelly1980
    Hi Pamkelly1980, sorry to hear that, they will not refund ours, they say somebody managed to use the correct password to log into our account, so it is our fault. We are gutted, we saved them for months, we cannot change our password, as somebody has already changed the details and because we don't know what they were changed to we can't update, postcode etc. I suspect you will be fobbed off too, they will say the CEO's office is looking at it and they have decided not to refund them back. Appalling customer service, they really don't care.
    Originally posted by olive1820
    Have you both checked the issue isn't your PC ?

    Download any dodgy software ?

    Clicked on a link in an email and downloaded what was in the email ?

    Were your passwords easy to guess ?
    • olive1820
    • By olive1820 28th Sep 19, 3:25 AM
    • 186 Posts
    • 182 Thanks
    olive1820
    Checked everything
    Hi, we have checked everything we can think of, because we are so stunned. We had £90, we started to print them at the start of the week and printed three and that looks like a signal to the thief to print the rest, looks so much like an inside job. We realise we have been stupid, so hopefully getting it out there and warning others will stop it happening to them, because Morrisons have just washed their hands of it !
    • Mrs_C1977
    • By Mrs_C1977 7th Oct 19, 11:19 AM
    • 1 Posts
    • 0 Thanks
    Mrs_C1977
    We've recently had £25 worth stolen from us and received the same response. I have now contacted BBC watchdog, if there's anyone else I can contact let me know.... there is no way someone has 'guessed' my password it was totally unique to this app and contained upper and lower case letters plus multiple numbers. Definitely an inside job!! They need investigating.