Thousands of Tesco.com user passwords leaked online


UK retailer Tesco has been forced to suspend 2,239 user accounts after a list of email addresses, passwords and Clubcard voucher balances was posted online.

The list of user details, dumped on a popular text sharing site on Tuesday evening, was at first thought to be fake until some Twitter users started testing username and password combinations, discovering that they did indeed work.

A small number of users also contacted the BBC, via email addresses published as part of the dump, to confirm that their accounts had been suspended.

The security breach does not appear to have come from Tesco's end though. The supermarket giant said the data must have been compiled by taking user details obtained from breaches at other websites - presumably users who had reused email addresses and passwords across multiple accounts.

Though it is not known exactly where the customer details came from at this time, you don't have to look very far to see examples of where the crooks could have got hold of at least some of the data.

In October Adobe admitted that cyber criminals had appropriated account details for 38 million of their customers.

Some Tesco.com users told the BBC that Clubcard vouchers they had earned had been stolen, though the amounts reported were quite small.

Tesco announced that it would offer replacement vouchers to all of those affected.

The company, which said that it is 'urgently investigating' the breach, spoke to the BBC:

We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this.

We will issue replacement vouchers to the very small number who are affected.

So let this serve as a timely reminder to use different, complex passwords for every account that you have online. Otherwise, once one is compromised, all of your accounts become vulnerable.

If you have trouble remembering all those difficult passwords then password management software will help you out – check out the likes of LastPass and KeePass.

Also, be wary of any offers you may now receive for Clubcard or other types of supermarket vouchers – even if they aren't stolen, they could be fake.


One Response to Thousands of Tesco.com user passwords leaked online

  1. Bart B · 187 days ago

    You won't have any trouble remembering "difficult passwords" on Tesco's website, they have an 8-character limit! (which is why I never let the site save my credit card details).

    This breach may not be from Tesco themselves, but that doesn't mean there isn't significant room for improvement on their end.


About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.