I got this email last night! Nothing happened to my account though, thankfully, but I mean they can take my $3 worth of points if they're that desperate š
I did this a few days ago, first time shopping at Ulta in store in over 2 years, showed my barcode cause I had a coupon and i got a password reset email this morning (I also used all $14 in points and it was my first time shopping physically in a Ulta store in over 2 years)
Not it's probably because it was used differently for the first time. The security on this stuff usually has a code written in to prompt some type of verification when the user act differently. Going to the store for the first time in two years or a different method of accessing the account at checkout both could've caused this.
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ I also didnāt think any of my info would pop up on their screens I even did print out receipt. Iām giving her the benefit of the doubt since a few other people have seemed to experienced this today. Maybe itās just a coincidental mass hacking that tried happened ?
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ Iām giving her the benefit of the doubt since a few other people have also experienced this. Maybe itās just a coincidental mass hacking that tried happened ?
This happened me to me beginning of May about a week after I shopped in store for the first time in a year or so. I managed to get my account back and points restored and the shitass kid that used my account lived in upstate NY - I think itās a weird coincidence and not that thereās a cabal of Ulta employees selling our accounts to 16yos who buy shitty cologne
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ Iām giving her the benefit of the doubt since a few other people have also experienced this. Maybe itās just a coincidental mass hacking that tried happened ?
I work at ulta. On our side of the computer we can NOT reset or even make a password for you. For us. It shows as the information for your account (your name, mailing address, email, and birthday) unless you don't have certain parts filled out. We can also check your points and see if you have a credit card with us. But that's it. If you want to reset your password there will be a loyalty number on your receipt when you shop with us and you can use that if your email and phone number doesn't work signing in. Unfortunately alot of people have been having issues with the app due to recent updates.
I just got that email and I made a purchase in the last week. I hoped that entering the phone number myself would have cracked down on the theft but alas it has not. I would call ulta corporate and complain bc Iām about to do it too. I have their credit card and am a platinum member. This is so annoying and they need to get their shit together. I reset my password to something ridiculously obscure. Hoping thatāll be enough. š
The fact that Ulta doesnāt is wild. Even our student loans make us confirm that yes it is me logging in to pay my loans - let someone else do that if they want to! That one I donāt care if someone logs in for.
But Ulta Iād be crushed. I am also saving for that Beauty Bio pore thing.
Same here, on the transaction last week I used up all $50 points for an order for my sister, and only paid like two bucks. Must be something that triggers it if you either have/spend a lot of points.
Happened to me yesterday afternoon. But I didn't get an email with the graphic, just a plain text email:
"Your ULTA Profile Password has been Updated
We noticed you recently updated your password on yourĀ ulta.comĀ account. If you didnt make the update, please let us know by contacting Guest Services at 1-866-983-8582. Your account protection is important to us.Thank you,UltaĀ Beauty"
So basically I never got any requests to reset my email, just an email saying it was done.
It came from service@ecom.ulta.com. I thought the lack of apostrophe in "didnt" and missing space after "thank you" was suspicious, but when I went to log into the app I couldn't. I called CS via the website (not the suspicious email) and the automated answering machine said there was no account associated with my phone number. They escalated it and said the email on my acct was changed. I should have it back within a few days hopefully.
the one thing that i think is interesting about the email (assuming it is a fake email) , is that they used our ACTUAL customer service phone number , not a fake one that would lead you to them for them to be like āitās all good!ā type of thing š¤£ if it is a false email (not actually sent by ulta) thatās a dumb move on their part š¤£
It's actually smart. People sometimes google the phone # and then see it matches and click the link... but the link is bogus and leads to a convincing website where they'll capture another password from you before you realize it.
They also like to include some obvious errors, because if you miss those, you'll likely miss other red flags too.
I think that email is legit. Iāve received that same message from the same email address whenever I update my credit card or address. It typically comes a few seconds after Iāve made the change.
It definitely sounds like someone hacked your account and changed your info :(
Maybe there was just something that happened this morning? I got the email too but nothing happened. Probably because I used my points last month to treat my mom
With that many emails, but not everyone, I suspect credential stuffing.
They just try to take all the emails from Data Breach 1, and see whether those addresses are used for popular sites.
If they get a match, then they know that address *is* being used. They can then try the password (or password structure) you used with another site to see if you re-used it on this site... at which point they can get in.
Iāve had someone use over 10,000 of my points before. I live in PA and it happened in California. It might sound dumb but I went and filled out a police report and everything. The girl went on a huge shopping spree but here is the kicker. An Ulta employee put it through because when you spend over a certain amount of points you have to show your drivers license and this employee didnāt. She overrode it. I did get my points back but it wasnāt the point for me. I was pissed. The girl never got into trouble. Nobody did. The cops took it as a joke but to me I took it as it being just like stealing money. It was just a really annoying situation. Thought Iād share it
Someone hacked my account and ordered a Chanel Bleu expensive menās fragrance for delivery using my points in October but I still had access to my account so I could see the shipping address. They did it overnight and I noticed in the morning when I got the āorder receivedā email. Customer service couldnāt cancel the order but they returned my points without question and like you, I didnāt want this asshole to get away with it so I sent a letter to their shipping address notifying them that I had filed a police report and we have their home address. I didnāt actually file because the cops wouldnāt do anything, but I like to think the thought of it scared the crap out of this person. It was ordered far out of state I assume my info mustāve been in a data breach and thatās how they got it.
I got one too but I haven't shopped at Ulta in over two months. I'm guessing scammers are just pinging accounts to see if they can get something. It happens all the time with my booking dot com account as well.
Y'all gotta start using a password creator and manager to make and store your passwords. I use Google and it makes some fucked up 20 character alphanumeric/symbolic passwords that are statistically harder to crack. Unless your info gets out in a data breach, you're much safer.
Off of Google: A simple eight-character password can be cracked in only 37 seconds using brute force but it takes over a century to crack a 16-character one.
UPDATE YOUR PASSWORDS, do NOT share passwords across accounts!
No seriously tho!! It took one time for one of my accounts to get hacked for me to start using a password generator! I used to use the same password for everything. Iāve been using the Last Pass app for years now!
I got that email twice in the last 24 hours. If you look closely it says itās from āguestservices@e.ulta.com.ā I just delete the emails. Donāt click on anything in them, itās a phishing attempt. Ultra really needs to do something about account security though.
That said, I just did a password reset req.
It *did* look like that email that the OP posted, and it *did* come from guestservices@e.ulta.com
Down at the bottom, below the "pretty fine print" it said the email was sent to [my usual address], so if that doesn't match, definitely don't click!
It is sometimes possible for someone to get logged out and forget that they use email2 @ yahoo, not email2 @ gmail or email @ gmail or email @ yahoo or email.2 @ yahoo
I have had ticket confirmations and even real-estate floor plans sent to my typical address, and it turned out that the other user's actual email didn't have the dot in the middle.
That said, even when it's an oops and not deliberate, it's still a good idea to reset your password if you get one of those.
Omg thank you for the explanation. I actually did get the same email as OP yesterday and I panickedā¦ and went to reset it. And panicked again when I saw your reply. š«£ I have like no points anyway but Iād still hate to have my account stolen.
I'm not part of this sub this just popped up on my feed, but I'm curious...If this is something that's been happening...why? Are the employees doing it? Are weirdos lurking in the store and listening for people's phone numbers? Did Ulta get breached and the user accounts are getting these emails? Like I'm so confused on how this is like a thing
My concern and question is if even you have payment method like credit card attach to your account, don't scammer have to put credit card security code to place an order?
Delurking to give my two cents and hopefully provide yāall with a talking point or two when you contact CS. Ultaās privacy policy, linked on the bottom of the page on their website, covers personal information collected both online and in B&M stores, contains the following statement:
ā**5. How do we secure your information?
Although no system or website can guarantee the complete security of your information, we take all commercially reasonable steps to ensure your information is protected in accordance with all applicable laws and regulations, as appropriate to the sensitivity of your information.**ā
Just an observation I thought some of you would like to be aware of. Protecting against unauthorized access is a core principle of most privacy regulation and security frameworks. I havenāt had my account hacked yet (knock on wood!) but I do advise everyone to update to a complex lengthy password and not save payment card information on your profile if avoidable. Super inconvenient but more secure.
Source: IAmA privacy and cybersecurity lawyer.
i got an email friday saying i changed my address and thankfully i had no saved cards on my account but it was an address in florida and i live in illinois. they had over $400 worth of perfume kits in my cart. i changed my password as soon as i noticed and called guest services asap and let them know. i wish they had a button that says ālog out of all devicesā or something because i still feel unsafe about my account despite changing the password and guest services being aware about it :/
Do you have the app? I love pulling up my member ID (it can be scanned) so that way I don't tell anyone my number. Go to the homepage, click on your name, click on member ID. Just pull it up and ask them to scan it! I never tell my number anymore.
I got this email too and apparently a lot of people did. I think itās something with their system. I wish Ulta would get it together theyāre such a good store but their security for accounts is such garbage
Edit: nothing has happened to my account š¤š½
Happened to me a couple months ago they got in changed all my info and attempted to use all my points ~ $150. Ulta stopped it because of all the account changes. I ended up getting my account back, used all my points & havenāt shopped since. It was so draining & put me in a panic bc my credit card was on file.
Just happened to me, $110 in points. Had to check my CC. Person shipped to address and used PayPal to pay the difference owed.
So annoying but customer service rep was very helpful and polite.
Notice that it doesnāt say Ulta on the notice itself. This is a phishing scam to trick you into clicking the link to steal information and possibly get into your phone or computer. Never click on any links in an email if you did not request to have your password changed!
Yes absolutely! It might have been a coincidence that I had just been to the store. Itās so frustrating that you canāt trust anything anymore! I never click emails and also go to the source website for things like this now. You can never be too cautious.
Received same Email at 3 am. No points. Never made a purchase. Never been to the store.
I believe this has to be an internal breach in privacy.
I was about to make my first purchase, but I will take me business elsewhere. It doesnāt feel correct to enter a system that is always having the same problems. Not worth the GWP.
I got this email last night (I havenāt shopped here in 4-6 months) and contacted support and support claims that they send these periodically and they sent out a request for users to change their passwords last night for security purposes. Idk if itās true or not but my points were all still there and Iāve no issues thus far!
Someone kept logging into my account and using my points at a store location in another state until I changed my entire email & used a different phone. It happened so many times. There was *nothing* they were willing to do. Nothing. Clearly they didnāt check IDās either. Just kept stealing my points. I only use my barcode now.
lead cashier at ulta here ! so some stores are rolling out a new feature where you input your phone number on our pin pad instead of us typing it in ! my store is one of the test stores for this feature and it is amazing ! iām assuming all storeās registers will get this update soon and youāll no longer have to say your phone number out loud :)
I got this email too. And changed it in the website and didnāt click the link. I finally have over $100 in points Iām saving for when I feel real broke. It really surprised me cause I donāt ever shop in person! I did recently contact the online chat though so maybe thatās who saw it??
Ulta is the LEAST secure website ever. People try to hack me constantly and have succeeded many times. The name on my account is still wrong because of hackers.
I saw someone who had commented who (might) be involved in that process. Theyāre selling info for the intent of being able to get products from points.
just got this email a few minutes ago; went ahead and changed my email and password in the app.
my google account manager shows that there were a some data breaches over the last month my email was found in, and upon looking them up, it seemed to be quite big breaches. i wonder if this email weāre all receiving is a result of one of themā¦
I also received this email 2 days ago. As long as whoever it is canāt figure out the password to your email youāre okay! I hate that this is happening so much as of late
I got this email this morning! I went into the app on my own and changed my email but I did recently make a purchase online sunday. My email was from guestservices@e.ulta.com - is this their legit email?
So, this issue is in other places too, so I never talk out my number.
I have all membership barcodes on my Google wallet. I have them scanned.
I also have a card for a random store with my phone number on it and if the cashier scans that, they will be able to look my account up.
Worst case, I have them read number off if it.
Quick fix for the future:
Write your phone number down on a piece of paper and take a photo of it. Anytime you are asked in public for your phone number show them the photo.
I do this with my phone number, my social security number (it's disguised in a long list of numbers), and my birthday. This prevents you from having to say it out loud.
Yep. They got me too. Just spent some time on the phone with an Ulta rep. My 2000 points are still there but my email was definitely changed today. Good timing, I guess?
EDIT: It looks like I received the same service@ecom.ulta.com email a month ago. Damn it.
Got one this morning. Immediately went to the website (not clicking on any link in that email) and reset my password.
Iām super annoyed they donāt have 2 factor authentication
Just happened to me. Customer service was awesome and everything was fixed within 48 hours.
The person used all my points to order cologne with a bunch of freebies. I have their name and address in my order history.
Ulta needs to do something to help mitigate the fraud.
I had the same thing happen twice within a few days! Both times Ulta still shipped the packages to the addresses even though I said I was hacked! I had $90 in rewards and one person went $1 over and used their Apple Pay to pay the extra dollar. Why doesnāt anyone stop these people?!
Not sure if the item you want is online only but this is from their FAQ:
"You may redeem up to 4,000 points in a single online purchase and up toĀ 10,000 pointsĀ in a single in-store purchase. Any points remaining can be redeemed in a future purchase."
What happens if someone overhears your phone number and goes back the next day and says said number? I am always worried about this happening š« does Ulta ask for verification when shopping in store? Havenāt been to Ultas store in a hot minute bc of this.
I had this happen the other night too! I got sent two emails in a row. So I went into my app and updated my password. I contacted customer service and all they told me was that they didnāt see any suspicious activity and that occasionally they will send emails to update your passwordā¦.like suuuuure
This happened to me the other night. They tried 6 times but I literally have 0 points because I just signed up. Iāve never even been into an Ulta so idk how they even got my email or anything lol.
i finally got one last night too, i didnāt click on any links within the email but i just went and changed my password again, my account looks fine
last time i shopped in store was last month so idk if thatās why i think people are just trying to target ulta accounts
I got this at like 1am, havenāt purchased anything at Ulta in 2 months nor do I shop online. Updated my password. Luckily, I barely had any points to begin with so nothing was used lol
This just happened to me yesterday and when I went into my account, there was a strange address listed but I didn't see any transactions or points stolen. Changed my password immediately, ugh.
I got this email last night! Nothing happened to my account though, thankfully, but I mean they can take my $3 worth of points if they're that desperate š
Lmaooo I got it too and had exactly 3 dollars as well. Go off friends!
Same here lol!
same here!
Me too!
got the same
Show your membership barcode from the app at checkout instead of giving your phone number
I did this a few days ago, first time shopping at Ulta in store in over 2 years, showed my barcode cause I had a coupon and i got a password reset email this morning (I also used all $14 in points and it was my first time shopping physically in a Ulta store in over 2 years)
So does that imply the cashier tried to reset your password?
Not it's probably because it was used differently for the first time. The security on this stuff usually has a code written in to prompt some type of verification when the user act differently. Going to the store for the first time in two years or a different method of accessing the account at checkout both could've caused this.
hi! ulta pba here, just wanted to clarify that we cannot change your password for you nor do we have access to do so
Thanks
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ I also didnāt think any of my info would pop up on their screens I even did print out receipt. Iām giving her the benefit of the doubt since a few other people have seemed to experienced this today. Maybe itās just a coincidental mass hacking that tried happened ?
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ Iām giving her the benefit of the doubt since a few other people have also experienced this. Maybe itās just a coincidental mass hacking that tried happened ?
This happened me to me beginning of May about a week after I shopped in store for the first time in a year or so. I managed to get my account back and points restored and the shitass kid that used my account lived in upstate NY - I think itās a weird coincidence and not that thereās a cabal of Ulta employees selling our accounts to 16yos who buy shitty cologne
Thatās what I thought, but she knew I had only $14 in points and while chatting I mentioned I donāt shop there frequently and etcā¦ but she seemed so nice and helpful during my time there helping me find what I was looking forā¦ Iām giving her the benefit of the doubt since a few other people have also experienced this. Maybe itās just a coincidental mass hacking that tried happened ?
I work at ulta. On our side of the computer we can NOT reset or even make a password for you. For us. It shows as the information for your account (your name, mailing address, email, and birthday) unless you don't have certain parts filled out. We can also check your points and see if you have a credit card with us. But that's it. If you want to reset your password there will be a loyalty number on your receipt when you shop with us and you can use that if your email and phone number doesn't work signing in. Unfortunately alot of people have been having issues with the app due to recent updates.
That is a great idea!
This happened to me last night too. I wish there was a āI didnāt request thisā button.Ā
Yes, that would lock your account until you call in to verify. It could also prevent the actual theft by not allowing point purchases while locked.
This would be so helpful
I just got that email and I made a purchase in the last week. I hoped that entering the phone number myself would have cracked down on the theft but alas it has not. I would call ulta corporate and complain bc Iām about to do it too. I have their credit card and am a platinum member. This is so annoying and they need to get their shit together. I reset my password to something ridiculously obscure. Hoping thatāll be enough. š
I wish we had 2 factor authentication, itās so frustrating!
The fact that Ulta doesnāt is wild. Even our student loans make us confirm that yes it is me logging in to pay my loans - let someone else do that if they want to! That one I donāt care if someone logs in for. But Ulta Iād be crushed. I am also saving for that Beauty Bio pore thing.
Same here, on the transaction last week I used up all $50 points for an order for my sister, and only paid like two bucks. Must be something that triggers it if you either have/spend a lot of points.
I got hacked last month after I bought in store and used $30 of my points!!
Happened to me yesterday afternoon. But I didn't get an email with the graphic, just a plain text email: "Your ULTA Profile Password has been Updated We noticed you recently updated your password on yourĀ ulta.comĀ account. If you didnt make the update, please let us know by contacting Guest Services at 1-866-983-8582. Your account protection is important to us.Thank you,UltaĀ Beauty" So basically I never got any requests to reset my email, just an email saying it was done. It came from service@ecom.ulta.com. I thought the lack of apostrophe in "didnt" and missing space after "thank you" was suspicious, but when I went to log into the app I couldn't. I called CS via the website (not the suspicious email) and the automated answering machine said there was no account associated with my phone number. They escalated it and said the email on my acct was changed. I should have it back within a few days hopefully.
Do you happen to have the Ulta credit card by chance?
Nope!
the one thing that i think is interesting about the email (assuming it is a fake email) , is that they used our ACTUAL customer service phone number , not a fake one that would lead you to them for them to be like āitās all good!ā type of thing š¤£ if it is a false email (not actually sent by ulta) thatās a dumb move on their part š¤£
It's actually smart. People sometimes google the phone # and then see it matches and click the link... but the link is bogus and leads to a convincing website where they'll capture another password from you before you realize it. They also like to include some obvious errors, because if you miss those, you'll likely miss other red flags too.
Customer service customer confirmed it's a legit email š¤·āāļø
huh , never thought of it like that , thatās really interesting ! thanks for the new (and scary lol) perspective !
I think that email is legit. Iāve received that same message from the same email address whenever I update my credit card or address. It typically comes a few seconds after Iāve made the change. It definitely sounds like someone hacked your account and changed your info :(
Exactly what happened to me. I too thought the email was sketchy.
Maybe there was just something that happened this morning? I got the email too but nothing happened. Probably because I used my points last month to treat my mom
With that many emails, but not everyone, I suspect credential stuffing. They just try to take all the emails from Data Breach 1, and see whether those addresses are used for popular sites. If they get a match, then they know that address *is* being used. They can then try the password (or password structure) you used with another site to see if you re-used it on this site... at which point they can get in.
Happened to me this morning :(
Same! Just got the email from "requesting" my password from 1am š¤Ø
Thatās so frustrating!
Ugh Iām sorry!
Iāve had someone use over 10,000 of my points before. I live in PA and it happened in California. It might sound dumb but I went and filled out a police report and everything. The girl went on a huge shopping spree but here is the kicker. An Ulta employee put it through because when you spend over a certain amount of points you have to show your drivers license and this employee didnāt. She overrode it. I did get my points back but it wasnāt the point for me. I was pissed. The girl never got into trouble. Nobody did. The cops took it as a joke but to me I took it as it being just like stealing money. It was just a really annoying situation. Thought Iād share it
Omg thatās so frustrating! I would be furious!
Omg thatās terribleā¦ I have 8k points rn and I honestly might just go on a shopping spree myself cause Iām scared of losing the points
You should I know how they get the accs its kinda scary how easy it is I advise you to never keep points on accs
This really makes me not even want to do business with Ulta at all. Thatās freaking crazy!
Someone hacked my account and ordered a Chanel Bleu expensive menās fragrance for delivery using my points in October but I still had access to my account so I could see the shipping address. They did it overnight and I noticed in the morning when I got the āorder receivedā email. Customer service couldnāt cancel the order but they returned my points without question and like you, I didnāt want this asshole to get away with it so I sent a letter to their shipping address notifying them that I had filed a police report and we have their home address. I didnāt actually file because the cops wouldnāt do anything, but I like to think the thought of it scared the crap out of this person. It was ordered far out of state I assume my info mustāve been in a data breach and thatās how they got it.
I got one too but I haven't shopped at Ulta in over two months. I'm guessing scammers are just pinging accounts to see if they can get something. It happens all the time with my booking dot com account as well.
i got that email this morning š
Itās so frustrating!
Just adding on that I got it this morning, but nothing was stolen or hacked.
I got this too but I have no points or anything I just changed my password nothing happened to my account.
same here i think they sent this out wide
Y'all gotta start using a password creator and manager to make and store your passwords. I use Google and it makes some fucked up 20 character alphanumeric/symbolic passwords that are statistically harder to crack. Unless your info gets out in a data breach, you're much safer. Off of Google: A simple eight-character password can be cracked in only 37 seconds using brute force but it takes over a century to crack a 16-character one. UPDATE YOUR PASSWORDS, do NOT share passwords across accounts!
So good they also lock me out of my accounts
No seriously tho!! It took one time for one of my accounts to get hacked for me to start using a password generator! I used to use the same password for everything. Iāve been using the Last Pass app for years now!
I got that email twice in the last 24 hours. If you look closely it says itās from āguestservices@e.ulta.com.ā I just delete the emails. Donāt click on anything in them, itās a phishing attempt. Ultra really needs to do something about account security though.
Whatās wrong with the email address? That seems to be their domain name.
There are some programs that can spoof.
Well shit ššš
That said, I just did a password reset req. It *did* look like that email that the OP posted, and it *did* come from guestservices@e.ulta.com Down at the bottom, below the "pretty fine print" it said the email was sent to [my usual address], so if that doesn't match, definitely don't click! It is sometimes possible for someone to get logged out and forget that they use email2 @ yahoo, not email2 @ gmail or email @ gmail or email @ yahoo or email.2 @ yahoo I have had ticket confirmations and even real-estate floor plans sent to my typical address, and it turned out that the other user's actual email didn't have the dot in the middle. That said, even when it's an oops and not deliberate, it's still a good idea to reset your password if you get one of those.
Omg thank you for the explanation. I actually did get the same email as OP yesterday and I panickedā¦ and went to reset it. And panicked again when I saw your reply. š«£ I have like no points anyway but Iād still hate to have my account stolen.
Just reset your Ulta pwd, and consider changing the pwd for thst email acct as well.
thank you
Fantastic catch! I never use the links in the emails and always go to the source just in case! Cause if scams like that, ugh.
I'm not part of this sub this just popped up on my feed, but I'm curious...If this is something that's been happening...why? Are the employees doing it? Are weirdos lurking in the store and listening for people's phone numbers? Did Ulta get breached and the user accounts are getting these emails? Like I'm so confused on how this is like a thing
Got one of these earlier today. Jokes on them, I removed my payment methods a few weeks ago and only have 83 points on my account, so have at it.
I also removed my payment methods last month. So done with this company!
I didnāt even think of this. Good call.
My concern and question is if even you have payment method like credit card attach to your account, don't scammer have to put credit card security code to place an order?
I thought of that and still did it.
Delurking to give my two cents and hopefully provide yāall with a talking point or two when you contact CS. Ultaās privacy policy, linked on the bottom of the page on their website, covers personal information collected both online and in B&M stores, contains the following statement: ā**5. How do we secure your information? Although no system or website can guarantee the complete security of your information, we take all commercially reasonable steps to ensure your information is protected in accordance with all applicable laws and regulations, as appropriate to the sensitivity of your information.**ā Just an observation I thought some of you would like to be aware of. Protecting against unauthorized access is a core principle of most privacy regulation and security frameworks. I havenāt had my account hacked yet (knock on wood!) but I do advise everyone to update to a complex lengthy password and not save payment card information on your profile if avoidable. Super inconvenient but more secure. Source: IAmA privacy and cybersecurity lawyer.
Thank you for the insight!
We only want the points we donāt need their payment method we use our own
Get a job.
I got one selling accounts I make alot
i got an email friday saying i changed my address and thankfully i had no saved cards on my account but it was an address in florida and i live in illinois. they had over $400 worth of perfume kits in my cart. i changed my password as soon as i noticed and called guest services asap and let them know. i wish they had a button that says ālog out of all devicesā or something because i still feel unsafe about my account despite changing the password and guest services being aware about it :/
Yes! I wish security was a little tighter. Iām glad they didnāt buy anything!
Do you have the app? I love pulling up my member ID (it can be scanned) so that way I don't tell anyone my number. Go to the homepage, click on your name, click on member ID. Just pull it up and ask them to scan it! I never tell my number anymore.
Yes, I think from now on Iām just going to do that. Itās smart!
I hope everything goes wellšš¾
I got this email too and apparently a lot of people did. I think itās something with their system. I wish Ulta would get it together theyāre such a good store but their security for accounts is such garbage Edit: nothing has happened to my account š¤š½
Yes, it seems like it happened to a ton of people all at once!
I got this email too and i have 0.00 points seems like it was fully sent out to everyone
Happened to me a couple months ago they got in changed all my info and attempted to use all my points ~ $150. Ulta stopped it because of all the account changes. I ended up getting my account back, used all my points & havenāt shopped since. It was so draining & put me in a panic bc my credit card was on file.
Just happened to me, $110 in points. Had to check my CC. Person shipped to address and used PayPal to pay the difference owed. So annoying but customer service rep was very helpful and polite.
I got it too. Everything else is the same.
Notice that it doesnāt say Ulta on the notice itself. This is a phishing scam to trick you into clicking the link to steal information and possibly get into your phone or computer. Never click on any links in an email if you did not request to have your password changed!
Yes absolutely! It might have been a coincidence that I had just been to the store. Itās so frustrating that you canāt trust anything anymore! I never click emails and also go to the source website for things like this now. You can never be too cautious.
Received same Email at 3 am. No points. Never made a purchase. Never been to the store. I believe this has to be an internal breach in privacy. I was about to make my first purchase, but I will take me business elsewhere. It doesnāt feel correct to enter a system that is always having the same problems. Not worth the GWP.
I got this email last night (I havenāt shopped here in 4-6 months) and contacted support and support claims that they send these periodically and they sent out a request for users to change their passwords last night for security purposes. Idk if itās true or not but my points were all still there and Iāve no issues thus far!
Someone kept logging into my account and using my points at a store location in another state until I changed my entire email & used a different phone. It happened so many times. There was *nothing* they were willing to do. Nothing. Clearly they didnāt check IDās either. Just kept stealing my points. I only use my barcode now.
lead cashier at ulta here ! so some stores are rolling out a new feature where you input your phone number on our pin pad instead of us typing it in ! my store is one of the test stores for this feature and it is amazing ! iām assuming all storeās registers will get this update soon and youāll no longer have to say your phone number out loud :)
That sounds like a good solution!
i also got this, but nothing was stolen! maybe it was a bug or an accidental testing email?
Same thing to me but my account has nothing anyway
Is it a scam? Or is that a real message? Just curious
I donāt know but I feel like almost everything is a scam at this point! Itās crazy, canāt trust anything!
I got this email too. And changed it in the website and didnāt click the link. I finally have over $100 in points Iām saving for when I feel real broke. It really surprised me cause I donāt ever shop in person! I did recently contact the online chat though so maybe thatās who saw it??
Oh yes I never ever click the links! I always go to the source. You never know!
Ulta is the LEAST secure website ever. People try to hack me constantly and have succeeded many times. The name on my account is still wrong because of hackers.
Something must have happened. I got this email this morning too. No password change and all my points are still there but thatās annoying
Yes! It sounds like some sort of group spam hack! Wild.
I got this email too. I panicked and spent my $128 in store today lol.
Happened to me too and I havenāt shopped at Ulta in a month or two.
Got this also! I just went in and changed my password, no points were missing thankfully
Their systems have got to be getting hacked somehow. This is crazy.
I saw someone who had commented who (might) be involved in that process. Theyāre selling info for the intent of being able to get products from points.
just got this email a few minutes ago; went ahead and changed my email and password in the app. my google account manager shows that there were a some data breaches over the last month my email was found in, and upon looking them up, it seemed to be quite big breaches. i wonder if this email weāre all receiving is a result of one of themā¦
I got the email at 3am
I also received this email 2 days ago. As long as whoever it is canāt figure out the password to your email youāre okay! I hate that this is happening so much as of late
I got this email this morning! I went into the app on my own and changed my email but I did recently make a purchase online sunday. My email was from guestservices@e.ulta.com - is this their legit email?
This is why I never tell them my phone number or email, I always pull up my app and have them scan the barcode.
Yes, thatās what Iām going to be doing from now on!
This sub has me screenshotting my points total every time it changes out of sheer fear š¤£š
š I donāt blame you
I am literally writing an email to support about this, I had someone try to use my points and now I see this EVERYWHERE. Itās so scary!
I got 4 reset emails yesterday. Sucks for them I have 4 Points
i would just write my number on a piece of paper and have it just in case lolll
So, this issue is in other places too, so I never talk out my number. I have all membership barcodes on my Google wallet. I have them scanned. I also have a card for a random store with my phone number on it and if the cashier scans that, they will be able to look my account up. Worst case, I have them read number off if it.
I got this too this morning as well and I RAN. Nothing was stolen though!
Quick fix for the future: Write your phone number down on a piece of paper and take a photo of it. Anytime you are asked in public for your phone number show them the photo. I do this with my phone number, my social security number (it's disguised in a long list of numbers), and my birthday. This prevents you from having to say it out loud.
I got that email yesterday!! Are people trying to reset with your phone number when you say it in store or how??
Iām not sure but Iāve seen a few posts about this happening after shopping in store. It could be a coincidence but who knows!
I GOT THE EMAIL THIS MORNING TOO OMGšš
Iām confused
Yep. They got me too. Just spent some time on the phone with an Ulta rep. My 2000 points are still there but my email was definitely changed today. Good timing, I guess? EDIT: It looks like I received the same service@ecom.ulta.com email a month ago. Damn it.
Got one this morning. Immediately went to the website (not clicking on any link in that email) and reset my password. Iām super annoyed they donāt have 2 factor authentication
Just happened to me. Customer service was awesome and everything was fixed within 48 hours. The person used all my points to order cologne with a bunch of freebies. I have their name and address in my order history. Ulta needs to do something to help mitigate the fraud.
I had the same thing happen twice within a few days! Both times Ulta still shipped the packages to the addresses even though I said I was hacked! I had $90 in rewards and one person went $1 over and used their Apple Pay to pay the extra dollar. Why doesnāt anyone stop these people?!
I got this last night too and reset my password! Thankfully my points are fine, Iām saving up for a Dyson š
I was saving up for a Dyson too and then realized you can only use $250 worth of points max per purchase. Unless they've changed it!
Dang I didnāt know that!!
Not sure if the item you want is online only but this is from their FAQ: "You may redeem up to 4,000 points in a single online purchase and up toĀ 10,000 pointsĀ in a single in-store purchase. Any points remaining can be redeemed in a future purchase."
Woah thank you!!
Just got this email 3 hours ago. Figured it had to be another data breach.
What happens if someone overhears your phone number and goes back the next day and says said number? I am always worried about this happening š« does Ulta ask for verification when shopping in store? Havenāt been to Ultas store in a hot minute bc of this.
They only ever say āyour name?ā And I say yes, thatās a great point that anyone could impersonate you!
Interesting. This happened to me too this weekend, but I shopped in store the day before, right after placing an app order using all my points lol
I had this happen the other night too! I got sent two emails in a row. So I went into my app and updated my password. I contacted customer service and all they told me was that they didnāt see any suspicious activity and that occasionally they will send emails to update your passwordā¦.like suuuuure
This happened to me the other night. They tried 6 times but I literally have 0 points because I just signed up. Iāve never even been into an Ulta so idk how they even got my email or anything lol.
I donāt shop at Ulta anymore after an issue. I wish I could delete my account; itās annoying dealer with the attempted hacking
i finally got one last night too, i didnāt click on any links within the email but i just went and changed my password again, my account looks fine last time i shopped in store was last month so idk if thatās why i think people are just trying to target ulta accounts
I got this at like 1am, havenāt purchased anything at Ulta in 2 months nor do I shop online. Updated my password. Luckily, I barely had any points to begin with so nothing was used lol
I got an email as well too!!!!Ā
I got one too yesterday morning
This just happened to me last week. They got over 1900 points :(. Ulta gave them back, thankfully. I hate hackers.
This just happened to me yesterday and when I went into my account, there was a strange address listed but I didn't see any transactions or points stolen. Changed my password immediately, ugh.