Thousands hit in Tesco.com attack

Mark Ward reports:

Tesco has deactivated customers’ internet accounts after their login names and passwords were shared online.

The list of more than 2,000 Tesco.com accounts was posted to a popular text-sharing site earlier on Thursday.

The supermarket giant said the data had been compiled by hackers using details stolen from other sites.

A small number of people contacted by the BBC via the email addresses given on the list confirmed their accounts had now been deactivated.

Read more on BBC.  Looking at the data dump, I see email addresses and what appear to be plain-text passwords.  There is also a field for amount of vouchers.

If Tesco is correct that this happened because login credentials were acquired from other sites’ breaches, then how many reminders do consumers need not to re-use login credentials across sites?

About the author: Dissent

Comments are closed.