Tesco customers' passwords and email details leaked online

More than 2,000 of the supermarket giant's customers affected by online data leak.

Tesco store

Supermarket giant Tesco has deactivated more than 2,000 of its customers' online accounts after their personal details were published on text sharing site Pastebin.

The leaked details included the email addresses, plain text passwords and Tesco Clubcard point balances of 2,239 of the company's customers.

According to a report by the BBC, the data may have been pieced together by hackers using information lifted from other sites and cyber attacks.

It is thought the gleaned email addresses and passwords were then systematically used by hackers to try and access Tesco.com accounts.

In a small number of cases, the hackers are said to have stolen Clubcard points from customers too, which Tesco has agreed to reimburse.

In a statement on the Tesco Facebook page, the company said it was investigating the breach.

"We take the security of our customers' data extremely seriously and are urgently investigating these claims," a company spokesperson wrote.

"We are committed to ensuring that nobody misses out as a result of this. We will issue replacement vouchers to the very small number who are affected."

Trey Ford, global security strategist at security vendor Rapid 7, said the case highlights the perils of using the same login details across multiple online accounts.

"So far the information available indicates the impact of this has been relatively limited stolen vouchers but if attackers have tried this on Tesco.com, the chances are they are also trying it on other sites too and so we may see additional fallout," said Ford.

"This is [a lesson] in consumer behaviour people continue to reuse passwords and other credentials across multiple sites, making it easy for attackers to compromise them. It's essential to learn the lesson from this incident before the cost becomes greater," he added.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
The IT Pro Podcast: How hackers steal your password
cyber security

The IT Pro Podcast: How hackers steal your password

23 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
IBM and SAP expand partnership to support software on hybrid cloud
Cloud

IBM and SAP expand partnership to support software on hybrid cloud

21 Oct 2020