
New Security Alert Issued to All Woolworths Everyday Rewards Members


An app vulnerability has left Woolworths customers furious, with reports that the company’s Rewards cards were hacked.

Upon collecting 2000 points in Woolworths’ loyalty program, shoppers can receive $10 Everyday Rewards Dollars.

Several customers have taken to the OzBargain forum to report that points had been stolen, and many were also concerned that their personal information had been compromised.

A vulnerability in the app’s functionality allows anyone to enter a random card number and find that card’s point balance. Once the number has been entered in a rewards card app, the barcode can be produced and then scanned at Woolies checkouts to claim a discount.
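One way a service operator could spot the card-number guessing described above is to flag any client that looks up many distinct cards in a short window. This is an added example, not code from Woolworths or from this article; the log format, client identifiers, card numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<timestamp> <client id> <card number queried>".
# Every value here is invented for illustration.
SAMPLE_LOG = """\
2024-01-01T09:00:00 client-c 0000000000201
2024-01-01T10:00:00 client-a 0000000000001
2024-01-01T10:05:00 client-a 0000000000001
2024-01-01T11:00:00 client-b 0000000000101
2024-01-01T11:00:20 client-b 0000000000102
2024-01-01T11:00:40 client-b 0000000000103
2024-01-01T11:01:00 client-b 0000000000104
2024-01-01T11:01:20 client-b 0000000000105
2024-01-01T12:00:00 client-c 0000000000202
2024-01-01T15:00:00 client-c 0000000000203
2024-01-01T18:00:00 client-a 0000000000001
2024-01-01T20:00:00 client-c 0000000000204
"""

def parse(log):
    """Yield (timestamp, client, card) tuples, skipping malformed lines."""
    for line in log.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        yield datetime.fromisoformat(fields[0]), fields[1], fields[2]

def find_enumerators(events, window=timedelta(minutes=10), max_cards=3):
    """Return {client: peak distinct cards seen in one window} for every
    client that queried more than max_cards different cards in a window."""
    recent = defaultdict(deque)  # client -> (ts, card) pairs still in the window
    flagged = {}
    for ts, client, card in sorted(events):
        q = recent[client]
        q.append((ts, card))
        while ts - q[0][0] > window:  # expire lookups older than the window
            q.popleft()
        distinct = len({c for _, c in q})
        if distinct > max_cards:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

if __name__ == "__main__":
    for client, peak in find_enumerators(parse(SAMPLE_LOG)).items():
        print(f"{client}: {peak} distinct cards within 10 minutes")
```

A member checking their own card repeatedly (client-a) or a household checking a few cards over a day (client-c) stays under the threshold, while rapid lookups of many different numbers (client-b) are flagged.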

OzBargain user jjj123 said, “Applied [for] the card last month with 5000 points bonus, I received the card today, login, and found the points were used in [another] state two weeks ago. Someone shopped the points in The Ponds and Kingsgrove in NSW. Anyone same situation with me? Who can access the card number before me? The envelope received today sealed in an unopened condition.”

Ricoguy added: “My card had $20 redeemed at Kingsgrove as well. I know you need a password to redeem Flybuys money at Coles but apparently you just need to scan the card to redeem your money at Woolworths which is quite a big loophole.”

In response to customer feedback, Woolworths said it was monitoring the issue. “Although our investigation shows there is no issue with the functionality and security of the app, we are reviewing how the app experience can be better improved to provide further assurances for customers,” the company said.

Protect your account from exploitation:

To ensure the security of your Everyday Rewards account, Woolworths has shared these tips:

  • Ensure that the passwords for all your online accounts are unique, including your Everyday Rewards password.
  • Make your passwords stronger by including numbers and special characters like ILOVE2ReadB00ks! and 2beornot2B?
  • Don’t trust calls, SMS, or emails that don’t seem genuine. Pay attention to who is contacting you. Your login information will never be requested by phone or SMS from Everyday Rewards.
  • Log out of your accounts and lock devices as soon as you’re finished.

Ahmed Khanji


Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

