jö Bonus Club
| Primary URL | Location | Industry | www[.]joe-club[.]at |
Country
Austria
|
Commercial
|
|---|
Profile
The organisation operates as a loyalty program known as jö Bonus Club, also referred to as joe‑club, with its headquarters in Austria. It provides members with a rewards currency that can be earned through purchases and redeemed at a network of partner businesses. The program maintains customer accounts where members track their points and conduct transactions. Its core service revolves around facilitating loyalty rewards for consumers within the Austrian market.
On 1 October 2022, cybercriminals attempted to gain unauthorized access to the loyalty program’s customer accounts using 2.3 million stolen email‑password combinations obtained from external sources. The attack succeeded in 18 000 cases where members had reused credentials across multiple platforms, leading to fraudulent purchases totalling approximately €4 000 in rewards currency across 75 compromised accounts at various partner businesses. The organisation detected the intrusion through routine monitoring of anomalous login activity and promptly responded by resetting passwords for the affected users. No sensitive personal data was accessed during the incident, and the program voluntarily reimbursed the stolen rewards as a goodwill gesture. Members were subsequently advised to create unique passwords exclusively for their accounts to prevent future credential‑stuffing attacks.
The incident highlighted the organisation’s capability to detect anomalous login activity through routine monitoring and to implement immediate countermeasures such as password resets. Its decision to voluntarily reimburse stolen rewards, despite no regulatory obligation, reflects a customer‑centric approach to incident response. The subsequent guidance to members on password uniqueness underscores an emphasis on promoting credential hygiene as a preventive measure.
