TESCO temporarily removed Hotels.com from its Clubcard offers after scammers guessed the discount codes and sold them on the black market.
The supermarket pulled the voucher offer, which allowed customers to bag between £200 and £750 off hotel rooms with Hotels.com, after it was alerted to the fraud back in March this year.
Tesco temporarily pulled a Hotels.com Clubcard reward after hackers were found selling
The issue has now been resolved and the offer reinstated, but it means that millions of Tesco shoppers were potentially denied the reward for being loyal customers.
Cyber security group CyberNews spotted the hack four months ago, after discovering that the one-off promotional codes were being sold for hundreds of pounds on two hacker forums.
The cybercriminals were able to decipher the 13-digit codes generated by Hotels.com that customers use to claim the discount when booking online.
Fraudsters could then use the discount codes to bag money off upcoming trips.
Only a limited number of the codes were issued by Hotels.com and could only be used once, so codes that had been guessed and sold on before being issued meant that loyal Tesco shoppers were left out of pocket.
Tesco’s loyalty scheme has 19million members.
It’s not clear how many of the codes were sold on but up to four million potential codes were up for grabs, according to CyberNews.
Once it was alerted to the breach, Tesco temporarily withdrew the deal and either reimbursed or replaced vouchers for customers who were affected.
Shoppers who believe that their codes may have been affected are being urged to contact the Clubcard support team, where cases are being reviewed individually.
Expedia – the firm behind Hotels.com – have also taken measures to prevent this from happening again once it became aware of the scam.