Wiggle says that login details of customers that hackers used to gain access to accounts and order goods were obtained from outside its own systems. The online retailer says it will refund people who have been affected, and has recommended that customers change their passwords.
As we reported yesterday, a number of the company’s customers a number of its customers have reported in recent days that they have received confirmation of orders for items they hadn’t bought, and did not recognise the delivery addresses the goods were to be sent to.
> Wiggle investigating suspected cyber attack on customers' accounts
In statement issued today, the company’s CEO, Ross Clemmow, said: “Data security is of the utmost importance to us. We’ve investigated the isolated incidents where accounts have been accessed, and we understand a small number of customers’ login details have been acquired outside of Wiggle’s systems and some have been used to gain access to Wiggle accounts and purchases made.
“We have taken steps to identify these compromised accounts and we will be individually contacting these customers. All impacted customers will be refunded.
“To protect our customers, all accounts will require the re-entry of card details for the next purchase. We are aware that where customers utilise the same password across multiple websites, fraudsters with access to some details can feasibly use these to try and gain access to genuine customer accounts.
“We recommend our customers change their password if they have any concerns. We would like to assure our customers we’re prioritising all enquiries related to this issue.”
Concerned customers began raising the alarm on social media last week, with more cases being flagged up to the retailer over the weekend.
Yesterday, a road.cc reader got in touch with us to say that a £30 order had been made on his account without his knowledge, while another customer tweeted that £237.50 had been debit from his bank account after someone ordered a Castelli skinsuit using his Wiggle account details.
Wiggle has recommended that people use the website Have I Been Pwned to check whether their email address has been compromised.
To enhance your online security, you can also use the 1Password service, which is integrated with Have I Been Pwned, and which uses “strong, unique passwords for every account” you have to minimise the impact of any data breach to just the account in question.
100% this. As I've noted elsewhere, NFBUK claim to be the "Voice of Blind People" when they have fewer than 3000 Twitter followers (there are 340...
. Easy, RIch, easy! . They'll be trying to cancel you next! .
They already charge heavily polluting vehicles for driving in some city centres - I don't recall mass protests......
Manchester mayor Andy Burnham to pay almost £2k speeding fine https://www.bbc.co.uk/news/uk-england-manchester-65075890
People like that hold several similar positions on boards of charities and public organisations. Sometimes they're paid for their day or two of...
Take that plants! Serves you right for making the neighbourhood a marginally more pleasant place to be.
That Reilly 😍
Park Row business owners respond to parking row saying cycle lane is 'killing' trade...
Nah mate. The terrible drivers just plough through.
I'm up to 100 video submisdions so far this year to police, the drivists have to start thinking is it worth getting somewhere 5 seconds quicker or...