Here's a summary of the key data from the provided text, focusing on the New World data breach and security concerns:
The Breach & Potential Risks:
Account Access & Spending: Scammers were able to access New World Clubcard accounts. They could spend a customer’s reward dollars and charge purchases beyond that balance to a linked credit card. Krebs (a security expert) highlighted the potential for significant fraudulent purchases (e.g., $500 of alcohol).
Lack of Verification: The author personally experienced placing an order exceeding their reward balance, charged to their stored credit card without being asked for the three-digit security code (CVV). Adding items to an order on the website also didn’t require a security code.
Credit Card Details Protected (to a degree): While scammers could charge purchases, they couldn’t see the full credit card details (number, name, expiry date, CVV). New World stores an encrypted token of the card, not the actual details.
Token Deletion: After discovering the breach, New World deleted the encrypted tokens, preventing further fraudulent purchases through compromised accounts.
New World’s Response:
Password Reset: Affected customers are being asked to reset their passwords with strong, unique passphrases.
Monitoring & Security Reinforcement: New World is monitoring for further malicious activity and working with cybersecurity experts to improve defenses.
Apology: New World apologized for the inconvenience and emphasized their commitment to protecting customer data.