Latest News

Loblaw Resets All PC Plus Passwords Following Security Breach

Loblaw Resets All PC Plus Passwords Following Security Breach

By Simon Hung

If you’re a member of the popular PC Plus loyalty program, you’ll need to create a new password to access your account, because Loblaw has reset all account passwords following a security breach.

PC Plus is used in over 20 Loblaw-owned grocery stores across Canada and this is the second time in less than a month that the company has issued a security notice to its members regarding the breach, which compromised an unknown number of accounts and resulted in points being stolen.

Upon entering the PC Plus site or opening the app, all members will need to create a new password, even if they had already changed them recently -- note that password changes cannot be done through the app and must be done via their website. Loblaw has issued a statement saying that the breach was likely a result of some members using weak username and password combinations across multiple sites.

It’s unknown when exactly the breach occurred, but a thread was created in our Shopping Discussion forum in December 2016 after a member discovered that their points were missing. Any PC Plus members who suspect their points were stolen should contact customer service via email or phone (1-855-672-7587) to have their points reimbursed.

39 Comments

    • You should probably change your password for the PC Plus website, especially if you use the same password anywhere else.
    • Report Post
    • What are some theories on how this can happen? Can some tech people chime in? Could it be that the company website got hacked?
    • Report Post
    • GeeCee wrote:
      Dec 30th, 2016 4:06 pm
      You should probably change your password for the PC Plus website, especially if you use the same password anywhere else.
      In theory, you shouldn't be using the same password for more than one site.
    • Report Post
    • Just a little update, we did change our password, but that password is different than our other ones.

      I did ask if their site got hacked, and they said no, but what will they say. It will take 5-7 days to clear up they said, but they think it should be sooner because I am not the first.

      Also, on your profile, everyone should check, the person had added their iPhone directly into my account and I had to delete them Out
    • Report Post
    • Macx2mommy wrote:
      Dec 31st, 2016 12:28 am
      Just a little update, we did change our password, but that password is different than our other ones.

      I did ask if their site got hacked, and they said no, but what will they say. It will take 5-7 days to clear up they said, but they think it should be sooner because I am not the first.

      Also, on your profile, everyone should check, the person had added their iPhone directly into my account and I had to delete them Out
      I'm sorry that happened, but I'm really interested to know how you accumulated that high of a balance. I'm impressed.
    • Report Post
    • We have over 620k in points. It's not hard when you have a PCFWE MasterCard.

      OP >> Make sure that you check the cards on your account. Set most of them to collect points only and only set the one you use the most to collect and redeem. It's possible that the linked the guys iPhone to the wrong account.
    • Report Post
    • dgnr8 wrote:
      Dec 31st, 2016 1:14 am
      I'm sorry that happened, but I'm really interested to know how you accumulated that high of a balance. I'm impressed.
      That's actually only from 2016 spending. It's a combo from bonus points (I don't really look that hard, just what is loaded) and primarily the World Elite card which I only use at superstore, and Costco.
    • Report Post
    • jackrabbit000 wrote:
      Dec 31st, 2016 1:18 am
      We have over 620k in points. It's not hard when you have a PCFWE MasterCard.

      OP >> Make sure that you check the cards on your account. Set most of them to collect points only and only set the one you use the most to collect and redeem. It's possible that the linked the guys iPhone to the wrong account.
      I did see the other persons phone linked, however I do find it suspicious that this is the ONLY tranasction with that phone (nothing previous, and the amount purchased was $508 and they clean put my account.

      I don't think this was an accident, and the PC rep said there have a been a few cases very recently happening, so he was not surprised. That's why I made my post to tell everyone to check their points. I caught it two days after, but normally I would never check.

      You are right about checking the cards linked. That's what they had me do on the phone. I also have all my cards to redeem only right now.
    • Report Post
    • jackrabbit000 wrote:
      Dec 31st, 2016 1:18 am
      It's possible that the linked the guys iPhone to the wrong account.
      The only way to add a mobile/phone digital card to your account is to sign into your account on that phone. You're not going to do that with a stranger's account by accident.
    • Report Post
    • I got an email about this recently as well...
    • Report Post
    • had the same thing happen to me today, had over 500k points stolen via phone app, how is this possible???? The rep told me they would need to know my personal info to change the information to their email/name...wth!
    • Report Post
    • For all you people with so many points... why?? Just redeem them every chance you get. What are you hording for? Groceries are everyday items.
    • Report Post
    • I checked my points and nothing was stolen. I don't use PC Plus.
      Hellfire wrote:
      Jan 1st, 2017 1:47 am
      For all you people with so many points... why?? Just redeem them every chance you get. What are you hording for? Groceries are everyday items.
      I can't even count how many PC Points I've redeemed, but it's easily over $1000 worth (1,000,000 points). Some people save up their points until Christmas so they can do all of their Christmas groceries. Others might be saving for some specific in-store item like a TV or video game system.

      That said, I don't think PC Points will have the same problem that Air Miles did. 20,000 points converts to $20 in cash, however, inflation moves onward and upward. PC used to have a big points redemption store where you could get all kinds of merchandise, but they canned it in favour of cash redemptions. This makes sense to me since it removes the need to actively de-value points due to inflation. The value of the dollar goes down automatically, so inflation solves your problem. Bottom line, it's smarter to use your points right away.
    • Report Post
    • Hellfire wrote:
      Jan 1st, 2017 1:47 am
      For all you people with so many points... why?? Just redeem them every chance you get. What are you hording for? Groceries are everyday items.
      Not really hording them, just never get around to using them. 99.9% of mine are from my PCFWE MasterCard.
    • Report Post
    • Some people, including me, like to accumulate a considerable CB amount then use it all at once. You will get superb feeling by doing that.

      Redeem at soon as it reaches $20.

      OR

      Redeem a vacation/flight package when it reaches $1000.

      On which you will feel WOW?
    • Report Post
    • jan25 wrote:
      Jan 1st, 2017 1:28 am
      had the same thing happen to me today, had over 500k points stolen via phone app, how is this possible???? The rep told me they would need to know my personal info to change the information to their email/name...wth!
      Just curious, what city did the transaction occur.

      My password for my email is different than my PC one. Plus I use alias for extra security.
    • Report Post
    • Hellfire wrote:
      Jan 1st, 2017 1:47 am
      For all you people with so many points... why?? Just redeem them every chance you get. What are you hording for? Groceries are everyday items.
      For me to get $10 or $20 off a grocery bill doesn't really matter nor does it make a difference. However, I redeem once a year in January and end up getting my months of PC groceries free. That seems to make a difference. It helps offset the Xmas spending a bit too.

      Redeeming once a year doesn't seem like hording too long.
    • Report Post
    • Hellfire wrote:
      Jan 1st, 2017 1:47 am
      For all you people with so many points... why?? Just redeem them every chance you get. What are you hording for? Groceries are everyday items.
      For me to get $10 or $20 off a grocery bill doesn't really matter nor does it make a difference. However, I redeem once a year in January and end up getting my months of PC groceries free. That seems to make a difference. It helps offset the Xmas spending a bit too.

      Redeeming once a year doesn't seem like hording too long.
    • Report Post
    • Did you guys that lost points use the "Click and Collect" service recently? I noticed a random card added to my account called "Click and Collect". Just wondering if it may have been an inside job seeing that they could just add a "card" to my account without my consent.
    • Report Post
    • themank wrote:
      Jan 1st, 2017 6:04 am
      Did you guys that lost points use the "Click and Collect" service recently? I noticed a random card added to my account called "Click and Collect". Just wondering if it may have been an inside job seeing that they could just add a "card" to my account without my consent.
      That's normal: when you sign up to Click and Collect you add your PC card number and a new account is created called "Click and Collect" under you cards. (You actually consented when you added your PC card number)
    • Report Post
    • lecale wrote:
      Jan 1st, 2017 6:08 am
      That's normal: when you sign up to Click and Collect you add your PC card number and a new account is created called "Click and Collect" under you cards. (You actually consented when you added your PC card number)
      Oh ok, that makes sense!
    • Report Post
    • Also received an email from PC plus, as they locked my account for points redemption. I need to contact PC plus services if I want to redeem my points, I would like to keep them locked until I want to redeem them, I think its more secure that way. I am also from Alberta. Looks like only happening to Alberta accounts.
    • Report Post
    • I'm still surprised how there is no security on the physical cards for reward programs (eg: PC Points, Scene). If someone finds/steals your card, they are free to cash-in all your benefits. I wonder what the advantage is to corporations for not implementing a PIN system as basic security.
    • Report Post
    • My account was hacked a few weeks back. Stole 510k points. PC Plus did return the points... promptly spent on a new TV on boxing day.

      Made by a individual in Brampton.... Im in Ontario as well.
    • Report Post
    • transaction was made in Quebec. I changed all passwords and security questions. Starting to wonder if PC Plus had a security breach...
    • Report Post
    • jan25 wrote:
      Jan 1st, 2017 2:07 pm
      transaction was made in Quebec. I changed all passwords and security questions. Starting to wonder if PC Plus had a security breach...
      If they did they are currently breaking the new Bill S-4 and should be fined into oblivion to set an example.
    • Report Post
    • EdisonL299 wrote:
      Jan 1st, 2017 2:19 am
      Some people, including me, like to accumulate a considerable CB amount then use it all at once. You will get superb feeling by doing that.

      Redeem at soon as it reaches $20.

      OR

      Redeem a vacation/flight package when it reaches $1000.

      On which you will feel WOW?
      Then when you redeem $20, transfer $20 to a separate savings account.
      The net out of your pocket is the same, but you can still say "Wow, I've got $1000 now"
      Better in your pocket than theirs... (and you can earn interest on it as it accumulates)

      The only reason to hoard points is if you are hoping for one of their bonus redemption days and possibly increase the amount by 10-15%.
    • Report Post
    • As a precaution, I went in and changed my PW for PC Points.
    • Report Post
    • aqnd wrote:
      Jan 1st, 2017 7:22 pm
      Then when you redeem $20, transfer $20 to a separate savings account.
      The net out of your pocket is the same, but you can still say "Wow, I've got $1000 now"
      Better in your pocket than theirs... (and you can earn interest on it as it accumulates)

      The only reason to hoard points is if you are hoping for one of their bonus redemption days and possibly increase the amount by 10-15%.
      For me, the interest earned purely by the rewards is not worth doing the extra work (open extra account, transfer rewards every month, etc). How much extra can you get by doing that? Probably a few bucks a year?
      I accumulate a LARGE amount CB then use all/most of it at once. It not only gives me a feeling of WOW, but also stops me from spending more and more. For example, This month I only have 500$ budget and I've already spent 480$, but I still want to buy something 50$. If I have a habit of redeeming available rewards, I will probably go for it lol.

      People will not care much about a small amount of money, but will think seriously about how to use it if they are going to redeem 1000$ CB.
    • Report Post
    • Jucius Maximus wrote:
      Jan 1st, 2017 8:44 pm
      As a precaution, I went in and changed my PW for PC Points.
      If you use Click and Collect, change that password too.
    • Report Post
    • Their passwords restriction make it useless. Only alphanumeric 8 characters max? This is 2017, at least support 64 random ascii characters generated here or locally. Oh and accept characters + and . in emails name prefixes aka Local-part.
    • Report Post
    • Firefoxer wrote:
      Jan 1st, 2017 8:59 pm
      Their passwords restriction make it useless. Only alphanumeric 8 characters max? This is 2017, at least support 64 random ascii characters generated here or locally. Oh and accept characters + and . in emails name prefixes aka Local-part.
      Both my PC Plus and Click and Collect passwords are over 8 characters and include special characters.

      So, huh?
    • Report Post
    • Firefoxer wrote:
      Jan 1st, 2017 9:19 pm
      I get "Your password is limited to 8 characters." on https://www.pcplus.ca/loyaltyMyAccount. ... n_Password and doesn't save it when I use one that have special characters in it.
      I just added another special character to my password to make it length 10 and successfully changed it and successfully changed it back from that same page. No problems.
    • Report Post
    • EdisonL299 wrote:
      Jan 1st, 2017 8:52 pm
      For me, the interest earned purely by the rewards is not worth doing the extra work (open extra account, transfer rewards every month, etc). How much extra can you get by doing that? Probably a few bucks a year?
      I accumulate a LARGE amount CB then use all/most of it at once. It not only gives me a feeling of WOW, but also stops me from spending more and more. For example, This month I only have 500$ budget and I've already spent 480$, but I still want to buy something 50$. If I have a habit of redeeming available rewards, I will probably go for it lol.

      People will not care much about a small amount of money, but will think seriously about how to use it if they are going to redeem 1000$ CB.
      The interest wasn't the point. That's just bonus on top.
      Just giving you a suggestion that takes basically no effort (I can open a new account in <10s and transfer in 2s while I'm doing other banking), but ensures you will not lose your CB or it be devalued at some point.
      They won't be able to literally devalue it ($) by law, but that doesn't mean it can't be of less value to you in other ways (e.g. if you save it up for travel and they stop letting you redeem for travel and you're at $900, what would you do?)
      I'd rather cash it out on my terms ASAP and use it how I please instead of having some future unknown.
      The second account suggestion was just for those who like to see it accumulate (for whatever reason you may want to keep it separate).
      It comes down to save it in their "bank account" or your bank account.
      I know which I prefer.
    • Report Post
    • lecale wrote:
      Jan 1st, 2017 9:26 pm
      I just added another special character to my password to make it length 10 and successfully changed it and successfully changed it back from that same page. No problems.
      What browser do you use?
      Tried mozilla's seamonkey and firefox based cyberfox.

      I don't understand what is going on. Screenshot here:
    • Report Post
    • Firefoxer wrote:
      Jan 1st, 2017 9:46 pm
      What browser do you use?
      Tried mozilla's seamonkey and firefox based cyberfox.

      I don't understand what is going on. Screenshot here:
      Sorry, I should have said: I'm in Chrome. I had to hit enter while sitting in the second textbox after cut-and-pasting my passwords in to get the Change Password button to turn orange and activate, but other than that, no technical issues.
    • Report Post
    • Just checked my account. Safe! But very strange, PCplus and PcPoints both have balance. Should they combine together?
    • Report Post
    • lecale wrote:
      Jan 1st, 2017 9:50 pm
      Sorry, I should have said: I'm in Chrome. I had to hit enter while sitting in the second textbox after cut-and-pasting my passwords in to get the Change Password button to turn orange and activate, but other than that, no technical issues.
      I've changed my browser user agent to Chrome 41, pasted something longer and it just automatically cuts to the first 8 characters.
      Does it show more than 8 black circles?

      If it does show more than 8 then somehow the password limit lock doesn't work in your browser.
      Can you check the source code of the page
      I get maxlength="8" on id="profile_password1"
      Same maxlength on the login page.:
    • Report Post