PC Plus members across Canada have been forced to reset their passwords after a security breach that resulted in points being stolen from customer accounts.
Loblaw revealed nearly two weeks ago that a security breach allowed attackers to access individual member accounts. At the time, the company encouraged customers to beef up their passwords on the website, citing weak username and password combinations as a reason for the breach.
“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communications, in a statement.
Groh said the weak passwords were likely stolen from other sites and used to access PC Plus accounts.
Loblaw did not disclose how many user accounts were affected by the breach; however, on Tuesday, the company announced it had reset all user passwords as a precautionary measure.
“In order to better protect all members, we have reset all passwords. We require everyone to create a new password, including those who may have done so recently,” read the company’s website.
“Check your inbox for an email with a simple and quick reset link or follow the Forgot Password link after the Sign in button.”
Stay away from easy-to-guess passwords like “123456″ or “password” as well as easy to guess identifiers, like your dog’s name.
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.
Passwords that use up to 10 uppercase and lowercase letters mixed with numbers are proven to be more secure – despite being hard to remember.
One tip is to construct a password from a sentence, mix in a few uppercase letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
And remember, try not to use the same password for any two accounts.
– With files from The Canadian Press