Nearly 2200 Tesco customers woke up to a rude shock yesterday. Not only their log-in ids and passwords were leaked online but many were blocked from accessing Tesco.com website also. Some Tesco customers complained that their vouchers had gone missing from their accounts.
Hackers had leaked a list of 2200 Tesco customer log-in ids and passwords on the Pastebin website. The list also includes discount vouchers of the individual Tesco customers. Though at this moment the authorities are investigating the leaks and possible fallouts, it is felt that hackers obtained these ids and passwords from other websites and tried it out on Tesco.com before publishing it on Pastebin.
The supermarket giant issued a statement that it ‘urgently investigating’ into the leaks while genuine Tesco customers vented their fury on the Tesco Facebook wall to report the incidences of them not being able to access their Tesco accounts and some reporting theft of their Tesco points as well as vouchers.
“We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this,” Tesco said in a statement. “We will issue replacement vouchers to the very small number who are affected.”
Trey Ford, global security strategist at Rapid7, said that the Tesco breach happened because of individuals using the same log-in ids and passwords for multiple online accounts.
“The attackers seem to have picked up usernames and passwords that were leaked after breaches of other, potentially unrelated organisations, and by trying them on Tesco’s site, they were able to compromise 2,239 Tesco.com customer accounts. So far the information available indicates that the impact of this has been relatively limited – stolen vouchers – but if attackers have tried this on Tesco.com, the chances are they are also trying it on other sites too and so we may see additional fallout,” he said.
Techworm will bring you the latest updates about the investigations that are going on.