Boots has suspended payments using loyalty points after a cyber attack on almost 150,000 customers' accounts.
The company's IT security team spotted "unusual" activity on a number of Boots Advantage Card accounts.
It was thought scammers tried to access and spend customer points via the loyalty card system.
The issue is said to have affected less than 1 per cent of the company's 14.4 million active Advantage Card users - around 150,000 people -
Boots insisted no credit card information had been accessed.
In a statement, the company said: "Our customers' safety and security online is very important to us.
"We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts.
"These attempts can be successful if people use the same email and password details on multiple accounts.
"We would like to reassure our customers that these details were not obtained from Boots. We are aware that other organisations may be impacted too."
The statement added: "As an extra precaution we have temporarily stopped payment by Boots Advantage Card points on boots.com or in store.
"This removes the ability for people to attempt to access any Boots accounts, but means that customers will not be able to use Boots Advantage Card points to pay for products in store and online for a short period of time.
"We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them.
"We currently believe that this will only affect a tiny percentage of cardholders and we would like to reassure customers that credit card information cannot be accessed. To help protect online accounts we strongly recommend using different passwords for each site used."
The news comes after Tesco reported itself to the Information Commissioner's Office after scammers targeted its online shoppers.
The retail giant believed fraudsters accessed the accounts of users using lists of stolen username and password combinations from other sites and tried to redeem vouchers amassed by shoppers.
