Security breach reported on Wiggle’s customer accounts

A number of shoppers with online retail giant Wiggle have reported a suspected security breach, a situation now confirmed by the retailer.

Some customers have reported goods ordered on their accounts without their instruction, as well as saved data allegedly being altered without their action.

In response to the unfolding situation, CEO Ross Clemmow has now personally issued a statement reading:

“Data security is of the utmost importance to us. We’ve investigated the isolated incidents where accounts have been accessed, and we understand a small number of customers’ login details have been acquired outside of Wiggle’s systems and some have been used to gain access to Wiggle accounts and purchases made. We have taken steps to identify these compromised accounts and we will be individually contacting these customers. All impacted customers will be refunded. To protect our customers, all accounts will require the re-entry of card details for the next purchase. We are aware that where customers utilise the same password across multiple websites, fraudsters with access to some details can feasibly use these to try and gain access to genuine customer accounts. We recommend our customers change their password if they have any concerns. We would like to assure our customers we’re prioritising all enquiries related to this issue.”

As an additional security measure, Wiggle customers will now be required to re-enter their card details on future transactions, CI.N was informed.

Social media posts targeting the retailer are now stacking up across Facebook, Trustpilot and Twitter, with some reporting unusual activity as far back as May 18th.

Wiggle earlier in the day issued a statement in response to an initial Road.cc story flagging the social media complaints.

“We take data security very seriously at Wiggle. We are aware of some isolated incidents of accounts being accessed with details obtained outside of our systems and we are working with those customers to put the situation right. Please update your password if you have any concerns,” said the retailer’s social media account.

The social media team has begun to acknowledge and respond to some concerns, suggesting that investigating a potential security breach has been made a priority for affected accounts.

Where customers use the same password across multiple platforms, fraudsters with access to some details can feasibly try their luck on those other platforms, should they have multiple data points on the victim. From an online retailer’s perspective, this is why strong and unique passwords come highly recommended, if they are not mandatory.

It is not yet known whether this incident is isolated solely to Wiggle, or whether customer details have been obtained from outside. The website haveibeenpwned.com can provide insight into whether your details have ever been accessed by hackers.