Security News > 2020 > June > No Wiggle room: Two weeks after angry bike shop customers report mystery orders on their accounts, firm confirms payment cards delinked

Brit cycling equipment shop Wiggle confirmed to The Reg today it was delinking customers' payment cards from their accounts, two weeks after first receiving complaints that orders were appearing on customers' accounts that they had not made themselves.

Ross Clemmow, CEO at Wiggle, told The Reg: "[W]e understand a small number of customers' login details have been acquired outside of Wiggle's systems and some have been used to gain access to Wiggle accounts and purchases made.

Customers first began making the apparently fraudulent orders public as far back as 2 June, with irate cyclists complaining both that mysterious orders were appearing in their accounts and that their account credentials had been changed without their knowledge.

The Register has asked the UK watchdog whether Wiggle has done so.

Wiggle has been in touch to tell us: "It has been in the last 24 hours where Wiggle has seen a small but still significant spike in alerts by customers and has devoted additional resources to responding to these inquires and introduced additional steps, such as delinking payment cards, as a precaution. As mentioned Wiggle is also recommending customers update their passwords for further protection. Wiggle is also currently working with the ICO and following their guidance."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/16/wiggle_cycling_website/