Cyber Incident Victim: jö Bonus Club

On or around October 1, 2022, the jö Bonus Club loyalty program experienced a credential-stuffing attack in which cybercriminals attempted to access customer accounts using stolen email addresses and passwords obtained from unrelated third-party sources. The attackers leveraged 2.3 million compromised credentials to systematically attempt logins across the platform's 4.3 million customer accounts. This attack was detected internally by the jö Bonus Club's IT security team through ongoing system monitoring, which identified anomalous login patterns indicative of automated access attempts. The organization promptly implemented countermeasures, including a forced password reset for all affected accounts, requiring users to establish new credentials upon their next login attempt. Forensic analysis confirmed successful unauthorized access in 18,000 instances where customers had reused identical email-password combinations across multiple online platforms.

The attackers monetized compromised accounts in 75 confirmed cases by making fraudulent purchases totaling approximately €4,000 at partner merchants using stolen "Ös" loyalty points. No sensitive personal or financial data was accessed during the breach. jö Bonus Club absorbed the financial impact as a goodwill measure, reimbursing all fraudulently spent loyalty points to affected customers. The organization issued renewed security advisories emphasizing the criticality of password hygiene, specifically instructing customers to create unique passwords exclusive to their jö accounts and avoid credential reuse across digital services. System functionality was fully restored following containment measures, with all transactional capabilities reinstated by the date of the public notification.