
Tesco: thousands of shopping account credentials leaked online


Thousands of Tesco.com shopping accounts were suspended after hackers leaked user details, including credentials and Tesco Clubcard vouchers.

Tesco has recently confirmed that it suffered a data breach. The cybercriminals hit the company on Valentine’s Day, compromising the accounts of thousands of online customers.

“We take the security of our customers’ data extremely seriously and are urgently investigating these claims.”
“We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this. We will issue replacement vouchers to the very small numbers who are affected,” said a Tesco spokesperson.

The news was reported by The Guardian. The hackers obtained login credentials for thousands of accounts, which Tesco deactivated in response to the incident. This isn’t the first time Tesco has suffered a data breach: in 2013, hundreds of Tesco Clubcard users found their online accounts had been compromised.

“It was suggested at the time that the Clubcard hacks were also caused by account holders using the same username and password combination on other compromised sites and services.” reported the Guardian.

Attackers hit the Tesco.com website, and a list of over 2,240 shopping accounts was posted on Pastebin by unknown hackers.


The list contains online shopping accounts and personal details, and also includes Tesco Clubcard vouchers. It is still not clear how the hackers obtained the data published on Pastebin; some experts hypothesized that the data was collected from other data breaches and that the cybercriminals successfully used the same credentials to access the Tesco shopping portal. It is confirmed that the bad habit of sharing credentials across different services has also caused exposure for Tesco accounts. The security expert Troy Hunt, who previously criticized Tesco for sending passwords in plain text via email, commented on the incident on his blog with the following statement:

“What would concern me if I was in Tesco’s shoes is that clearly someone has a workable attack vector that’s exploiting their accounts. Whether they’re brute forcing accounts one by one or simply testing for reused credentials from other breaches, the fact remains that accounts have been compromised en masse. I would not for a moment assume that the extent of the damage is only a couple of thousand accounts, that’s almost certainly only the tip of the iceberg. Many of the serious security problems that Tesco had in mid-2012 remain both in terms of discrete risks I called out (such as password strength), and as a cultural approach to security in general. There are still numerous easily observable risks discoverable simply by browsing the website, who knows what might lie beneath that and is readily discoverable with a little probing.”
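The two patterns Hunt distinguishes, brute forcing accounts one by one and testing reused credentials from other breaches, leave different traces in login logs. The following is an added example, not code from the article, Hunt or Tesco: the log records are constructed, and the per-IP grouping and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# Addresses come from the documentation ranges (RFC 5737).
EVENTS = (
    # One attempt per account across many accounts, a few succeed.
    [("203.0.113.10", f"user{i}", i in (3, 6)) for i in range(8)]
    # Many attempts against a single account, none succeed.
    + [("198.51.100.7", "alice", False)] * 9
    # A customer mistyping a password once.
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]
)

def classify_sources(events, min_attempts=6, brute_ratio=3.0):
    """Label each source by how its attempts spread over accounts.

    min_attempts and brute_ratio are assumed thresholds, not vendor values.
    """
    attempts = defaultdict(int)
    accounts = defaultdict(set)
    successes = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        accounts[ip].add(user)
        if ok:
            successes[ip].add(user)

    report = {}
    for ip, total in attempts.items():
        per_account = total / len(accounts[ip])
        if total < min_attempts:
            label = "normal"
        elif per_account >= brute_ratio:
            # Repeated guesses at the same few accounts.
            label = "brute_force"
        elif len(accounts[ip]) >= min_attempts:
            # Wide, shallow spread: known pairs tried once each.
            label = "credential_stuffing"
        else:
            label = "normal"
        report[ip] = {
            "label": label,
            "attempts": total,
            "accounts": len(accounts[ip]),
            # For a flagged source, these accounts need a forced reset.
            "successful_logins": sorted(successes[ip]),
        }
    return report
```

Real campaigns often spread attempts across many addresses, so the same grouping is usually repeated over other keys such as user agent or network block.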

The recent incidents at US retailers Target and Neiman Marcus demonstrated how much danger a data breach can pose to a company's business and reputation. Who will buy from Tesco.com again? Users must be informed of the risks related to attacks on e-commerce platforms, and of the mitigation techniques adopted by retailers and online shopping portals to protect their customers.

Pierluigi Paganini

(Security Affairs –  Tesco, databreach)