Facebook Debuts Bug Bounty ‘Loyalty Program’

Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called “Hacker Plus,” offers bonuses on top of bounty awards,...

Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks

Cybercriminals are tapping into Amazon’s annual discount shopping campaign for subscribers, Prime Day, with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and...

Loyalty Cards Targeted in Tesco Clubcard Attack

U.K. supermarket giant Tesco is warning on a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program. It said that it detected cybercriminals trying out different name and password combos, gleaned from a database of stolen usernames and passwords for...

TGI Fridays Delivers Customer Indigestion Over Data Exposure

Customers of TGI Fridays Australia were “strongly recommended” to change their MyFridays membership rewards program passwords. According to an email sent to customers this week, the company had inadvertently left sensitive loyalty program data exposed on the internet. News of the leaky server...

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...

Dunkin Donuts Perks loyalty data breach: Change your password

By Waqas Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen - The DD Perk is a reward program for the company's regular customers. According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach...

Vend VDP: Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash

Hey Team! I love loyalty bonuses, that turns first time users into returning customers , but sometimes loyalty can be exploited, just like in this chase. LT:DR A firtstime loyalty customer will get x times the amount of loyalty bonus from the story by racing the loyalty link x amount of times in...