Thousands of customers using Safaricom PLC woke up to a rude shock on Sunday, March 29, after discovering their Bonga Points had been mysteriously depleted in a series of overnight transactions.
Complaints flooded social media in the early hours of the morning, with users reporting unauthorized redemptions made between 2 a.m. and 7 a.m., raising fresh concerns over the security of loyalty rewards linked to mobile accounts.
Screenshots shared by affected subscribers show multiple deductions processed within minutes, with points redeemed to unfamiliar recipients and till numbers.
One of the messages seen by users read:
“Your expenditure of Ksh50 worth 250 points to Otenyo Momanyi Aruya Till 5307214 was successful. The transaction reference number is UCTUB8ZHVN. Your Bonga Points balance is 10,998.0.”
Other customers reported repeated alerts reflecting similar transactions, in some cases draining thousands of points in rapid succession.
A user identified as Junganga questioned the anomaly online, stating:
“Good morning, @SafaricomPLC @Safaricom_Care. What’s going on with the Bonga Points system this morning? Been receiving messages about the points being transferred to all sorts of people since 2 a.m.”
The incident has sparked widespread anxiety among Safaricom subscribers, many of whom rely on Bonga Points—earned through airtime usage and mobile transactions—for essential redemptions such as airtime, data bundles, and even payments.
While Bonga Points are not direct cash, their monetary value has made them a key part of Safaricom’s customer loyalty ecosystem, amplifying concern over potential system vulnerabilities or fraudulent access.
In response, Safaricom acknowledged the issue and confirmed that investigations are ongoing into what it termed as fraudulent Bonga Points redemptions.
“Hi. We are aware of the issue of Bonga Points being redeemed fraudulently, and this is under investigation. Apologies for the inconvenience caused,” the company said in replies to affected customers.
Call centre responses to subscribers further indicated that the telco is working to restore affected balances and will notify users once the issue is resolved.
The timing and pattern of the transactions—clustered within early morning hours and involving multiple small-to-medium redemptions—have raised questions about whether the incident could be linked to coordinated system abuse or unauthorized access to customer accounts.
As of publication, Safaricom had not disclosed the scale of the breach, the number of affected users, or whether customer data may have been compromised.
Customers have been urged to monitor their accounts closely as the company works to contain the situation.
