A TikToker claims that she discovered a phone number on an ex’s phone that belonged to another woman. She then allegedly decided to randomly use that number while shopping at an Ulta store to discover the woman’s name and then redeem all of her rewards points for herself.
The creator, Brittany DeSha Rowe (@brittanydesharowe), wrote in the caption for the post: “Always be savage af.”
Her video received over 938,000 views as of Friday.
@brittanydesharowe Always be savage af 🤷🏼♀️ posting a draft out of boredom#CatchChobaniOatmilk #AmazonVirtualTryOn #MakeASplash #drafts #itsajoke ♬ TAG ME FOR DANCE CREDS – BarieSmackathotひ
“Thinking about that one time I saw a random number on my exes phone and used the number at Ulta to find out her name and take all of her reward points,” Rowe wrote in a text overlay for the now-viral TikTok.
Ulta’s Ultamate Rewards Program is a free-to-join promotion where “you earn 1 point for every $1 you spend. Platinum members earn 1.25 points for every $1 (25% more) and Diamond members earn 1.5 points (50% more!).” So if you’re a heavy-duty Ulta shopper, those points can really add up.
Many retailers and businesses, instead of forcing customers to carry around cards or barcodes, simply look up a customer’s phone number in order to apply rewards points to their account and look up their personal information. There is no verbiage on the site’s official policy page for the Ultamate Rewards program that states there’s a minimum/maximum number of points a customer can redeem at any given time or that an ID needs to be checked.
In the comments of Rowe’s video, viewers applauded her quick-thinking and points-thieving ingenuity.
“Yooo. you def just unlocked the code we never knew existed,” one viewer commented.
“Oh that’s smart!!!” another wrote.
“You smartttt!!!!!! Off to check this one number I saved yrs ago,” a third said.
Even an alleged former Ulta employee chimed in. “As a former ulta manager I would’ve redeemed those points for you bestie no questions asked,” they wrote.
Others argued that because the other woman wanted to “share” her boyfriend in the first place, it was “only fair” that they share Ulta points too.
“She’s the one who wanted to share,” one user said.
“I mean it’s only fair. I thought we was sharing sis,” a second added.
The Ulta Beauty official TikTok account even commented “OMG.” Rowe responded, “It’s a joke,” followed by a laughing emoji.
Some claimed that it is store policy to check a person’s ID before they are allowed to redeem points over a certain amount. “And this is why they have to check your ID if you want to use over 1000 points,” one viewer commented. However, this is not noted on Ulta’s official policy page.
“Loyalty fraud” is reportedly becoming an increasing problem, with hackers finding out personal information of individuals along with persistently used email/password combinations in order to access these points that can be redeemed for products online.
The Points Guy, a site dedicated to credit card usage and reviews, cited a report from cybersecurity company Akamai, which “shows there were over 100 billion credential stuffing attacks between July 2018 and June 2020. These attacks are when a hacker uses stolen passwords to gain access to other accounts owned by the same person.”
Whether utilizing passwords or simply a phone number to access others’ rewards accounts, loyalty program fraud can reap large benefits for hackers, according to Payments Journal. “With over $140 billion in unspent loyalty points in the United States, according to data from Gartner, this fraud vector can be very lucrative for criminals,” they reported. “[The Loyalty Security Association] estimates that $3.1 billion in redeemed points are fraudulent, a clear indication of the amount of money at stake.”
The Daily Dot has reached out to Rowe via TikTok comment and Ulta via email.
Source: https://www.dailydot.com/irl/other-woman-ulta-rewards-points/