Loyalty programs are 'a honey pot for hackers,' says report

As rewards programs grow increasingly digital, hacks are becoming more common, experts tell The New York Times.

Shelby Brown Editor II
Shelby Brown (she/her/hers) is an editor for CNET's services team. She covers tips and tricks for apps, operating systems and devices, as well as mobile gaming and Apple Arcade news. Shelby also oversees Tech Tips coverage. Before joining CNET, she covered app news for Download.com and served as a freelancer for Louisville.com.
  • She received the Renau Writing Scholarship in 2016 from the University of Louisville's communication department.
Shelby Brown
2 min read

That loyalty app might know a lot about you and how you spend your money.

Benjamin Torode / Getty Images

Using an loyalty app that could save you a few dollars at your favorite restaurant or clothing store might seem harmless. That's exactly what hackers are counting on, according to report Saturday from The New York Times.

One billion dollars is lost each year to online loyalty program-related crime, one security group estimated, according to the Times. In addition, such crimes doubled from 2017 to 2018, according to Javelin Strategy and Research firm.

Kevin Lee, a risk expert for the digital security firm Sift, told the Times that loyalty program apps are "almost a honey pot for hackers" and provide "the path of least resistance" to personal information. Lee said the loyalty programs are easy to sign up for, the passwords are weak and aren't always used frequently.

According to the report, loyalty programs can reveal valuable personal information like your favorite food or flavor, shopping locations, when you're hungry or thirsty, how you pay for items and billing details and contact information. The programs are attractive to hackers since they're so tailored to personalized customer experience. Emily Collins, an analyst with Forrester Research, told the Times companies that create the apps have "oceans of data and puddles of insight" and it's often "more than they can actually use."

Data stolen in breaches typically gets sold in black markets to criminals who use it for fraud and identity theft. That's what makes data breaches dangerous to everyday people. If you learn that your data was stolen from a loyalty program or any other service, the Identity Theft Resource Center offers a tool to help you decide how best to protect yourself.

Watch this: Finding our personal data on the dark web was far too easy