Tesco customers' passwords and email details leaked online

More than 2,000 of the supermarket giant's customers affected by online data leak.

Tesco store

Supermarket giant Tesco has deactivated more than 2,000 of its customers' online accounts after their personal details were published on text sharing site Pastebin.

The leaked details included the email addresses, plain text passwords and Tesco Clubcard point balances of 2,239 of the company's customers.

According to a report by the BBC, the data may have been pieced together by hackers using information lifted from other sites and cyber attacks.

Advertisement - Article continues below

It is thought the gleaned email addresses and passwords were then systematically used by hackers to try and access Tesco.com accounts.

In a small number of cases, the hackers are said to have stolen Clubcard points from customers too, which Tesco has agreed to reimburse.

In a statement on the Tesco Facebook page, the company said it was investigating the breach.

"We take the security of our customers' data extremely seriously and are urgently investigating these claims," a company spokesperson wrote.

"We are committed to ensuring that nobody misses out as a result of this. We will issue replacement vouchers to the very small number who are affected."

Trey Ford, global security strategist at security vendor Rapid 7, said the case highlights the perils of using the same login details across multiple online accounts.

Advertisement
Advertisement - Article continues below

"So far the information available indicates the impact of this has been relatively limited stolen vouchers but if attackers have tried this on Tesco.com, the chances are they are also trying it on other sites too and so we may see additional fallout," said Ford.

"This is [a lesson] in consumer behaviour people continue to reuse passwords and other credentials across multiple sites, making it easy for attackers to compromise them. It's essential to learn the lesson from this incident before the cost becomes greater," he added.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/355860/developer-scores-100000-bounty-from-apple-for-exposing-a-critical
ethical hacking

Developer scores $100,000 bounty from Apple for exposing a critical vulnerability

1 Jun 2020
Visit/security/hacking/355854/hackers-wreaking-havoc-on-googles-cloud-infrastructure
hacking

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020