Gransnet forums

Superdrug Security email received. Long post

Auntieflo Thu 23-Aug-18 19:38:33

This email has just been received, (abbreviated version.)

Security Notice

Hi *****

We respect the privacy of your personal information, which is why we are writing to advise you of an event that resulted in the possible disclosure of your personal data, but not including your payment card information.

On the evening of the 20th of August, we were contacted by an individual who claimed they had obtained a number of our customers’ online shopping information. There is no evidence that Superdrug’s systems have been compromised. We believe the individual obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website. The individual claims that they have obtained information on approximately 20,000 customers but we have only seen 386.
We can confirm that your details are not one of the 386 customers affected.

Customers’ names, addresses and, in some instances, date of birth, phone number and points balances may have been accessed. In line with good security practice, we are advising you to change your password now and on an on-going, frequent basis.

We are very sorry for the inconvenience and concern this has caused.

We have contacted the Police and Action Fraud (the UK’s national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.

Peter Macnab
CEO of Superdrug

Has anyone else received such a communication?

Auntieflo Thu 23-Aug-18 19:39:39

I meant to add that although I have used the store, as far as I know, I do not have an account/password for this store.

M0nica Thu 23-Aug-18 19:46:13

Auntieflo, it is genuine. I have googled it. Here is a link to the story

The CEO's name is genuine, for what that is worth, but so is the Superdrug website address.

Elegran Thu 23-Aug-18 19:50:58

The internet has various reports. This Huffington Post page has what looks like a later update. Superdrug Says Customer Data Stolen By Hackers Is From 'Other Websites'

"In a statement issued to HuffPost UK on Wednesday morning, a Superdrug spokesperson added that following further investigation from “independent IT security advisors” they found “no signs of a hack of our systems”.
A spokesperson said there had been “no mass data download or extraction” from Superdrug’s systems.
“They [The IT security advisors] also confirmed that the 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug.”

SpringyChicken Thu 23-Aug-18 19:52:02

I had the same email, so did someone I know. We have the loyalty cards so registered online. My friend may have shopped online with Superdrug, but I haven’t. Both of us have changed our passwords.
Do you have a loyalty card too, Auntieflo? Maybe that’s how your email is on the database.

SpringyChicken Thu 23-Aug-18 20:02:41

It sounds like hoaxers tried to convince Superdrug of a hack which hasn’t happened. I’m not losing any sleep over it, what’s the point of worrying when I cannot change anything?

The only info I divulged for my card was email address, name and address. I gave a false date of birth and, for my mobile phone number, provided a correct code followed by a load of zeros. I always do that when providing personal details if I consider that they don’t need the true info.

Auntieflo Thu 23-Aug-18 22:11:24

Aah, that will be it then. I did have a loyalty card, but think I destroyed it, as I never used it. Thank you SpringyChicken. Also M0nica for taking the trouble to google it, and find the info. I love GN 😘

Seasider17 Fri 24-Aug-18 07:03:41

Also had the same email Auntieflo, it came through very late last night and I've deleted it too. Like SpringyChicken, I don't give date of birth details to stop someone trying to steal my ID.

Marydoll Fri 24-Aug-18 07:13:49

I got the same email, which was a bit late, considering it was in the papers yesterday. I changed my password immediately.
Some people use the same password for everything, therefore all your passwords may be compromised if your password has been hacked.
It is highly unlikely that anyone will try to use this info, but better safe than sorry.

OldMeg Fri 24-Aug-18 07:55:48

I got a similar email from Curry’s PC World and again this is genuine.

MawBroon Fri 24-Aug-18 08:05:28

Had something similar from a genealogy website which they claimed Paw belonged to. I checked that there was no subscription therefore no bank details and (politely) just asked them to remove his contact details from their lists as he had died.
Well! I wasn’t expecting the next bit, but they insisted on proof that my message related to him and that my email address was genuine before they would remove his name. I pointed out they had emailed me and asked what part of “dead” they didn’t understand. They then demanded a copy of his death certificate at which point I flipped. I sent a very stroppy email refusing on the grounds of possible identity theft, repeating my request to remove all contact details, accused them of appalling insensitivity - and then poured myself a stiff wine. Scam or genuine, I could have done without it.

OldMeg Fri 24-Aug-18 08:15:24

Maw 😡

toscalily Fri 24-Aug-18 10:28:37

I received this and it is genuine and I have now changed my password. I have shopped with them in the past so thought their might be a chance it was for real, used my normal procedure, never click on a link, do some research online first re security breaches on the company then open another window if you want to go and sign in and change your password/personal details.

janemar Fri 24-Aug-18 11:11:22

I got the same. When I get these types of emails I go to the site, never from the link in the email, and change my password.

toscalily Fri 24-Aug-18 11:18:45

Apologies, should be there not their. One thing that worries me is that the OP has copied the email including the links. If this had been a scam anyone clicking on those links could presumably be taken back to the fraudulent site. Not a good idea to copy & paste something like this much better to just ask if others had received anything similar.

Willow10 Mon 24-Sep-18 18:12:06

I got this message and tried to change my password. That didn't work so I emailed Superdrug and requested that they remove any of my details held on their database. They came back with such long, complicated instructions and requests I had to remind them that they had contacted me, this was their problem not mine and that they should simply do as I requested. I didn't hear from them again so I assume my email was just ignored.

Marydoll Tue 25-Sep-18 18:21:15

After reading this, I tried to log in, but I was locked out. Asked for a reset for new password, got the link three hours later and when I tried to use it got an error message, saying that my password was wrong and it locked me out again.
There is something not right here. confused
This doesn't really instil confidence in Superdrug! sad

Elegran Tue 25-Sep-18 18:24:34

Do they have a Facebook page and/or a Twitter account to shame them on?

J52 Tue 25-Sep-18 19:13:34

I also couldn’t change my password, which made me think that I didn’t have one, despite having a loyalty card. Maybe they only have my e mail. I’ve never ordered anything on line.
I do try to avoid on line retail activity.

Mrskipling Wed 03-Oct-18 11:57:39

I went to the website directly, rather than the link in the email. I felt that was safer. I tried several times to change my password but kept getting error messages. In the end I emailed Customer Support and asked them to close the account.

I'm getting tired of all these security breaches. These companies clearly aren't taking good enough care of my information, so I've been closing accounts left, right and centre. It's just not worth it for the sake of a few points and a couple of quid off my next mascara!