5th Mar 2020
Supermarket giant Tesco has issued new Clubcards to 600,000 customers, after it found out a database of stolen usernames and passwords from other platforms had been used on its website – in some cases successfully.
The supermarket said that no financial data had been accessed and confirmed that its systems had not been hacked. Rather, criminals used leaked common password combinations to try to break into users’ personal accounts. However, the supermarket did say it was aware of “some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers”.
The supermarket emailed everyone who could have been affected, confirming that no one would lose their Clubcard points and that new vouchers would be issued.
Speaking to the BBC about receiving an email from Tesco, one customer said the email worried him, but that he felt better now that the situation had been clarified.
According to the BBC, approximately 19 million people have a Clubcard account, which would mean that the incident, and the resulting issue of new Clubcards, has affected 3% of customers.
Jake Moore, a Cybersecurity Specialist at ESET, told the BBC: “Cyber criminals can do a lot of damage with a large breached list simply containing names and emails or other trivial data.” He advised customers to use password managers to generate and store unique passwords, and two-factor authentication where possible.