Miscreants have been nabbing British supermarket chain Tesco Clubcard discount codes to snap up Hotels.com rewards meant for holders of the retailer's loyalty cards.
Uncovered by researchers from CyberNews, a vulnerability stemmed from the way Hotels.com generated the discount codes, which are issued to Clubcard holders as a reward for splashing the cash in-store. The 13-character discount code used the same first five characters, then three numbers for the discount amount (200, 500 and 750), a colon, and then four final characters (to be guessed by the ne'er-do-wells).
CyberNews reckoned that there were around four million possible codes – well within the bounds of a brute force attack.
While no accounts were compromised (and neither Tesco's nor Hotels.com's IT systems were breached), it was potentially a bit of a pain for some Clubcard holders hoping to use their discounts since the codes are unique an ..
Support the originator by clicking the read the rest link below.