You are here: Home - Household Bills - News -

Tesco Clubcard members’ Hotels.com discounts sold on dark web

0
Written by:
06/07/2020
Fraudsters were selling discount codes for Hotels.com which should have been enjoyed by Tesco Clubcard holders, after exploiting a vulnerability in the way vouchers were generated.

Tesco Clubcard temporarily removed Hotels.com from its reward partner list as scammers were able to guess remaining digits of a promotional code which would secure a discount for the holder.

These discount codes were then found to be sold online on hacker forums from as little as £37.50 for vouchers worth between £200 and £750.

Cybersecurity firm CyberNews uncovered the scam in March and alerted the parent company for Hotels.com – Expedia Group – about the security flaw.

It said the scam had serious consequences for Tesco Clubcard members. Those who were in line for discounts of up to £750 could have been left unable to secure their discount as the unique promotion codes can only be used once.

CyberNews added that the 13-character discount codes used the same first five characters, plus three numbers consisting of the discount amount (200, 500 or 750), and then a colon, leaving only the four last characters to be guessed by fraudsters.

The coupons are valid for bookings till 31 December 2021, and they can be used until December 2023.

The firm said: “In the current economic climate people are looking for ways to save money, so businesses need to stay vigilant to prevent fraud. We’d recommend using longer, less predictable discount codes with more characters which make it harder for cybercriminals to predict, as well as implementing a limit on attempts for an incorrect entry to prevent brute force attacks of this nature.”

The research found that, depending on the exact number of cases, Hotels.com could have lost millions in revenue as a result of this vulnerability.

A Hotels.com spokesperson, said: “This issue was identified and resolved promptly several months ago. Working closely with our partners at Tesco we ensured that only legitimate Clubcard customers were able to obtain and redeem the codes they had earned. No customers of Hotels.com or Tesco missed out on the offer, lost money or Clubcard points as a result.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

If one of your jobs this month is to get your finances in order, moving your savings to a higher paying deal i...

Coronavirus and your finances: what help can you get?

News and updates on everything to do with coronavirus and your personal finances.

Everything you need to know about being furloughed

If you’ve been ‘furloughed’ by your company, here’s what it means…

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week

Read previous post:
Hull could face the slowest economic recovery from Covid-19

A study by the Social Market Foundation has revealed the places facing the worst economic hit from the pandemic.

Close