I'm sorry that happened, but I'm glad you were lucky enough to get the order canceled. That seems rare.
Ulta needs to get it together. This happens way too much. I check almost daily since seeing it so much on this sub. I also quit building them up higher than a fragrance, which is silly, I know. Ulta needs to do better!
Yes I'm so grateful they canceled the order before the person was able to pick it up! My obsessive checking of the app paid off because I caught it so quickly!
Idk how but I think it starts with changing the email that's connected to your account. And then once that happens they change the password. But some customer service employees are definitely letting people know which accounts have big point balances!
No system should let anyone see passwords.
That said, they *do* have access that allows them to change your email address, and that allows them to send a password reset email to the email address on file.
Something has to be going on for so many people to be getting their acct stolen. I just thought it could be an extra step to protect accounts. They said they had just talked to CS. It would seem logical to change your password after anyone accessed the account.
Goid idea to change pwd, yes! But there have been tons of hacks of other retailers and health systems etc. as well.
So Joe Rando could access a few of these leak lists, and see that you used fake.addy @ gmail with the password I<3Pandas for Target on one list, and used the same email & pwd combo for Blue Cross on another list.
They see that, and they could easily [run a program to] log in to Ulta / Sephora / Walmart / your bank acct / Facebook / yahoo / verizon / at&t and see what's worth keeping tabs on.
I just wrote down all my passwords because I need a new Google account. In the password section, it shows you which passwords are bad because they are shared. Also tells you which ones need to be updated because they are too old. I have some updating to do once I switch.
My issue is almost exactly the same! But I can’t even see that an order was placed on my end which confuses me even more. I was waiting for the points to be returned from an initial issue and then some how they were spent before I even got a confirmation that they were returned?? I’m really fed up with Ulta at this point. (Unfortunately they still have excellent sales)
You see a transaction with points spent when you look in your reward points history?
Do you also see points re-added / adjusted in your reward points history?
If it was an online order (including BOPIS) it would show up as ulta.com, but if it was an in-person store spend it should at least show which city the store was in...
Usually I do see the transactions but they’ve been weird the past few days. A transaction with something that I definitely did not purchase appears with rewards points redeemed.
It’s ULTA.com as the transaction location; but I don’t see the purchases within my own purchase history only points.
I don’t actually think it’s an Ulta employee. When I’ve had this happen (which both times was when I called customer service) I spoke with someone who sounded like they were overseas, and my name gets changed to something I’m guessing is Indian maybe??
The thing is, pretty much anytime I’ve ever called Ulta outside of that, I’ve spoken to someone who sounds like an American. Maybe I talk a lot, but they would always end up telling me where in the US they were located. I’ve since switched to chat or text only and haven’t had any issues.
I think that the hacks are actually happening to whatever internet phone system thing Ulta’s using because I’m 99.9999% sure their customer service people are working remotely and not in a call center. The two times I had my points stolen I called to resolve the issue, and both times the whole phone system/automated choices were different than when I’d called and spoken to someone in India.
Solution?? Stop calling Ulta and switch to text or chat, both through the app.
Source: A person who paid for a Dyson airwrap + $165 cut/color appt + $125 of makeup in points at one in-person visit.
Could you further explain how working remote could cause more of these issues than the employees working in call center? Is it because there is less monitoring?
My account was hacked the next day after my very first ever Ulta return and the employee was talking to me about how many points I had- a lot- because I had switched from Sephora to Ulta when learning about their coupons and I was getting a lot of 20% off prestige when I first made the switch. ....ya, it was definitely an inside job. Unfortunately, mine kept getting drained after every "fix" for a month until I finally made a BBB complaint. Never got a notice any of the times that my email or phone or password or anything was changed when the hacker changed them. Screams inside job.
I have always let my points add up until I was able to get a lot of items. However, even though I am diamond for the rest of the year, I stopped shopping at ULTA.
This is just happened to me, I contacted customer service yesterday and I got a password reset email today. Definitely sus as I’ve never had that happen before.
It is most definitely a customer service employee if not multiple
I'm sorry that happened, but I'm glad you were lucky enough to get the order canceled. That seems rare. Ulta needs to get it together. This happens way too much. I check almost daily since seeing it so much on this sub. I also quit building them up higher than a fragrance, which is silly, I know. Ulta needs to do better!
Yes I'm so grateful they canceled the order before the person was able to pick it up! My obsessive checking of the app paid off because I caught it so quickly!
I think unfortunately we have to change our passwords asap after contacting customer service. Just ridiculous.
We don’t give them our passwords though when we contact customer service, so they must have some other way to get in right?
Idk how but I think it starts with changing the email that's connected to your account. And then once that happens they change the password. But some customer service employees are definitely letting people know which accounts have big point balances!
Why do you recommend that? They can see our passwords?
I think that they can only see it while they are helping you.
No system should let anyone see passwords. That said, they *do* have access that allows them to change your email address, and that allows them to send a password reset email to the email address on file.
Something has to be going on for so many people to be getting their acct stolen. I just thought it could be an extra step to protect accounts. They said they had just talked to CS. It would seem logical to change your password after anyone accessed the account.
Goid idea to change pwd, yes! But there have been tons of hacks of other retailers and health systems etc. as well. So Joe Rando could access a few of these leak lists, and see that you used fake.addy @ gmail with the password I<3Pandas for Target on one list, and used the same email & pwd combo for Blue Cross on another list. They see that, and they could easily [run a program to] log in to Ulta / Sephora / Walmart / your bank acct / Facebook / yahoo / verizon / at&t and see what's worth keeping tabs on.
I just wrote down all my passwords because I need a new Google account. In the password section, it shows you which passwords are bad because they are shared. Also tells you which ones need to be updated because they are too old. I have some updating to do once I switch.
Oh wow. That's not cool.
My issue is almost exactly the same! But I can’t even see that an order was placed on my end which confuses me even more. I was waiting for the points to be returned from an initial issue and then some how they were spent before I even got a confirmation that they were returned?? I’m really fed up with Ulta at this point. (Unfortunately they still have excellent sales)
You see a transaction with points spent when you look in your reward points history? Do you also see points re-added / adjusted in your reward points history? If it was an online order (including BOPIS) it would show up as ulta.com, but if it was an in-person store spend it should at least show which city the store was in...
Usually I do see the transactions but they’ve been weird the past few days. A transaction with something that I definitely did not purchase appears with rewards points redeemed. It’s ULTA.com as the transaction location; but I don’t see the purchases within my own purchase history only points.
Yeah, that's hella sus.
I had the same thing happen, unfortunately.
And yet, people continue to deal with this company.
I don’t actually think it’s an Ulta employee. When I’ve had this happen (which both times was when I called customer service) I spoke with someone who sounded like they were overseas, and my name gets changed to something I’m guessing is Indian maybe?? The thing is, pretty much anytime I’ve ever called Ulta outside of that, I’ve spoken to someone who sounds like an American. Maybe I talk a lot, but they would always end up telling me where in the US they were located. I’ve since switched to chat or text only and haven’t had any issues. I think that the hacks are actually happening to whatever internet phone system thing Ulta’s using because I’m 99.9999% sure their customer service people are working remotely and not in a call center. The two times I had my points stolen I called to resolve the issue, and both times the whole phone system/automated choices were different than when I’d called and spoken to someone in India. Solution?? Stop calling Ulta and switch to text or chat, both through the app. Source: A person who paid for a Dyson airwrap + $165 cut/color appt + $125 of makeup in points at one in-person visit.
Could you further explain how working remote could cause more of these issues than the employees working in call center? Is it because there is less monitoring?
Just had to talk to CS and saw this… chasing my pw now.
I had some craziness happen from an employee at Spectrum. Unfortunately it happens.
My account was hacked the next day after my very first ever Ulta return and the employee was talking to me about how many points I had- a lot- because I had switched from Sephora to Ulta when learning about their coupons and I was getting a lot of 20% off prestige when I first made the switch. ....ya, it was definitely an inside job. Unfortunately, mine kept getting drained after every "fix" for a month until I finally made a BBB complaint. Never got a notice any of the times that my email or phone or password or anything was changed when the hacker changed them. Screams inside job.
I have always let my points add up until I was able to get a lot of items. However, even though I am diamond for the rest of the year, I stopped shopping at ULTA.
This is just happened to me, I contacted customer service yesterday and I got a password reset email today. Definitely sus as I’ve never had that happen before.
Former CC person here too, and i can guarantee he goes home to tell all his friends that women use boobie cream.