UK: Tesco issues 600,000 new Clubcards after credential stuffing attack
Kalila Sangster reports:
Tesco (TSCO.L) is issuing new cards to 600,000 Clubcard account holders after discovering a security breach.
The supermarket said some customers may have fallen victim to online fraud after a database of stolen usernames and passwords from other platforms had been tried out on its website.
The use of the stolen data may have been successful in redeeming Clubcard vouchers some cases, according to the retailer.
Read more on Yahoo!
And no, don’t blame Tesco for this, although perhaps we should ask after how many attempts they lock an attempter out. But ultimately, this is due to people reusing login credentials across sites. Sometimes, we really have to take some responsibility for making it too easy for attackers.