To members of Pizza Hut's loyalty scheme: You really knead to stop reusing your passwords
Hackers cheese free slices after logins from other websites deliver the goods
Pizza Hut has warned members of its loyalty scheme "Hut Rewards" not to re-use passwords after hackers managed to access some customer accounts.
The fast-food chain, which also suffered a breach stateside in 2017, believes that miscreants got hold of details from elsewhere and then used them to access Pizza Hut systems.
The outfit reassured customers that it does not store credit or debit card details and that it had already contacted customers whose accounts were compromised.
At least one traumatised punter has seen their rewards points spent on free pizza, according to Money Saving Expert.
A Reg reader sent us the warning email:
We believe there has been unauthorised access of a small amount of Hut Rewards accounts by a third party. We suspect this is due to a third party obtaining emails and passwords from unsecure websites and using them to try and access other websites in the hope that users have used the same email & password combination. As a precaution we recommend that you change your Hut Rewards password as soon as possible to preserve the security of your account and, as best practice, strongly recommend that you use different passwords for different websites.
Please rest assured that we do not store any credit or debit card details. We have already contacted the small number of customers whose accounts we've identified as being compromised.
We take consumer data and security very seriously and we are working hard to ensure this issue is resolved quickly. We will continue to notify any customers that we identify as being at risk and have also informed our regulator of the incident.
If you have noticed any unusual activity on your account, or if you require further information, please contact our Customer Team. Their details can be found via our website's Contact Us page at Pizzahut.co.uk.
We asked Pizza Hut how the breach was detected and how its systems were protected. Aside from repeating what was in the email above, it sent us the following statement:
"We are aware of a few hundred accounts, which is under 1 per cent of Hut Rewards customers being impacted. We have contacted these customers directly and will be reinstating lost slices. As a precaution, we are asking all Hut Rewards customers to change their password. We are continuing to investigate this as a priority."
It could serve as a warning to other organisations if hackers have got their mitts on a bunch of names and passwords and are trying their luck on other websites.
The EU's General Data Protection Regulation puts the onus on companies to inform customers at risk and the Information Commissioner's Office (ICO) in the event of breaches. We're still awaiting a response from the UK data watchdog. ®