
Tesco Clubcard members’ Hotels.com discounts sold on dark web

06/07/2020
Fraudsters were selling discount codes for Hotels.com which should have been enjoyed by Tesco Clubcard holders, after exploiting a vulnerability in the way vouchers were generated.

Tesco Clubcard temporarily removed Hotels.com from its reward partner list as scammers were able to guess the remaining digits of a promotional code which would secure a discount for the holder.

These discount codes were then found on sale on hacker forums from as little as £37.50 for vouchers worth between £200 and £750.

Cybersecurity firm CyberNews uncovered the scam in March and alerted the parent company for Hotels.com – Expedia Group – about the security flaw.

It said the scam had serious consequences for Tesco Clubcard members. Those who were in line for discounts of up to £750 could have been left unable to secure their discount as the unique promotion codes can only be used once.

CyberNews added that the 13-character discount codes used the same first five characters, plus three numbers consisting of the discount amount (200, 500 or 750), and then a colon, leaving only the four last characters to be guessed by fraudsters.

The coupons are valid for bookings till 31 December 2021, and they can be used until December 2023.

The firm said: “In the current economic climate people are looking for ways to save money, so businesses need to stay vigilant to prevent fraud. We’d recommend using longer, less predictable discount codes with more characters which make it harder for cybercriminals to predict, as well as implementing a limit on attempts for an incorrect entry to prevent brute force attacks of this nature.”

The research found that, depending on the exact number of cases, Hotels.com could have lost millions in revenue as a result of this vulnerability.

A Hotels.com spokesperson said: “This issue was identified and resolved promptly several months ago. Working closely with our partners at Tesco we ensured that only legitimate Clubcard customers were able to obtain and redeem the codes they had earned. No customers of Hotels.com or Tesco missed out on the offer, lost money or Clubcard points as a result.”
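The two recommendations quoted above (longer, less predictable codes and a limit on incorrect entries) can be sketched in Python as follows; this is an added example, not code from CyberNews, Hotels.com or Tesco. It compares the guessing work left by four unknown characters with that of a fully random code, and enforces single use plus an attempt cap. The 36-symbol alphabet for the unknown characters, the 16-character length, the five-attempt limit and all names are assumptions made for illustration.

```python
import math
import secrets

# Assumed alphabet for generated codes: 32 symbols, look-alikes removed.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def entropy_bits(secret_chars, alphabet_size):
    """Guessing work, in bits, when only `secret_chars` positions are unknown."""
    return secret_chars * math.log2(alphabet_size)

def new_code(length=16):
    """No fixed prefix, no embedded amount: every character comes from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class RedemptionGuard:
    """Single-use codes with a cap on incorrect entries per account."""

    def __init__(self, issued, max_failures=5):
        self.issued = dict(issued)   # code -> discount amount, kept server-side
        self.failures = {}           # account -> count of incorrect entries
        self.max_failures = max_failures

    def redeem(self, account, code):
        if self.failures.get(account, 0) >= self.max_failures:
            return "locked"
        amount = self.issued.pop(code, None)   # pop makes the code single-use
        if amount is None:
            self.failures[account] = self.failures.get(account, 0) + 1
            return "invalid"
        return f"ok:{amount}"

if __name__ == "__main__":
    # Format described in the article: 4 unknown characters (36 symbols assumed).
    print(f"described format: {entropy_bits(4, 36):.1f} bits")
    print(f"16 random chars:  {entropy_bits(16, len(ALPHABET)):.1f} bits")
    code = new_code()                        # constructed sample code
    guard = RedemptionGuard({code: 200})
    for _ in range(6):
        print(guard.redeem("acct-1", "WRONGCODE"))   # five "invalid", then "locked"
    print(guard.redeem("acct-2", code))              # ok:200
```

Because the amount is stored against the code on the server rather than written into it, knowing the discount value reveals nothing about the code itself.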
