Received this email overnight from New World:
-----------
Dear customer,
We’re writing to inform you of a recent cyber security incident affecting a number of New World Clubcard accounts. Your account has not been affected.
Our technology team has identified suspicious external activity where scammers have attempted to gain access to accounts by trying commonly used passwords across many usernames. Based on our investigation, it appears that some New World Clubcard accounts with weaker or reused passwords may have been accessed without the cardholder’s authorisation.
New World’s systems have not been breached. The issue has arisen because some Clubcard customers’ passwords have been determined by scammers and compromised.
As a precautionary measure and in line with best security practices, we recommend that you please reset your password. Go to clubcard.co.nz, log into your account, click on ‘Account Details’ and then click on the ‘Change Password’ icon. We recommend a more secure password version using these 6 recommendations, and if you use the same password on other services, we strongly recommend changing those as well.
- Use at least 12 characters
  - Longer passwords are harder to crack.
- Mix character types
  - Include uppercase, lowercase, numbers, and at least one of these symbols (!@$%^&*()_+=-{};:'",.<>?|~`). Note # is not a valid symbol to be used.
- Avoid common words and patterns
  - Don’t use easily guessed words like password, 123456, or qwerty.
- Don’t use personal information
  - Avoid names, birthdays, or addresses.
- Use passphrases
  - Combine unrelated words into a phrase (e.g., BlueTiger!Drinks7Coffee).
- Make each password unique
  - Don’t reuse passwords across different accounts.
Urgent steps we are taking to protect all New World Clubcard holders
We are monitoring for any further malicious activity and our team is working closely with cybersecurity experts to ensure your data remains secure.
We sincerely apologise for any inconvenience. Your privacy and security are extremely important to us, we have taken these actions to protect you and strongly recommend you establish a refreshed and strong password.
Thank you for your prompt attention to this matter.
-----------
I use long, complex passwords and attempt to use as many non-alphanumeric characters as possible.
Does anyone know why the # (pound or hash) character is unable to be used in a password on many sites? I have encountered this on many sites, whereas other sites happily accept that character.




