February 21, 2017 10:09 am

Loblaw resets all PC Plus customer passwords after security breach

A Loblaws store in Toronto is shown on Thursday May 2, 2013. Loblaw is warning PC Plus rewards collectors to beef up their passwords after points were stolen from some members' accounts. THE CANADIAN PRESS/Aaron Vincent Elkaim

PC Plus members across Canada have been forced to reset their passwords after a security breach that resulted in points being stolen from customer accounts.

Loblaw revealed nearly two weeks ago that a security breach allowed attackers to access individual member accounts. At the time, the company encouraged customers to beef up their passwords on the website, citing weak username and password combinations as a reason for the breach.

“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communications, in a statement.

Groh said the weak passwords were likely stolen from other sites and used to access PC Plus accounts.

Loblaw did not disclose how many user accounts were affected by the breach; however, on Tuesday, the company announced it had reset all user passwords as a precautionary measure.

“In order to better protect all members, we have reset all passwords. We require everyone to create a new password, including those who may have done so recently,” read the company’s website.

“Check your inbox for an email with a simple and quick reset link or follow the Forgot Password link after the Sign in button.”

Tips for creating secure passwords

Stay away from easy-to-guess passwords like “123456” or “password” as well as easy-to-guess identifiers, like your dog’s name.

Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.

Passwords that use up to 10 uppercase and lowercase letters mixed with numbers are proven to be more secure – despite being hard to remember.

One tip is to construct a password from a sentence, mix in a few uppercase letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”

And remember, try not to use the same password for any two accounts.

– With files from The Canadian Press

© 2017 Global News, a division of Corus Entertainment Inc.
