Retail Technology
| Log in | Subscribe



Subscribe | Log in
Retail Technology
Subscribe

Tesco.com investigates data leak

By Retail Technology | Friday February 14 2014

Supermarket giant says it is investigating how a list of customer logins and passwords were posted online yesterday, leading expert to question online retail defences

Tesco has confirmed is it “urgently” investigating how some the details of over 2,000 of its online shopping customer accounts were posted to text-sharing site yesterday.

It is not clear where the information, which included login details and passwords, was obtained. But suggestions include that hackers could have made up the list from details stolen elsewhere.

The supermarket said in a statement it takes the security of its customers’ data “extremely seriously”. “We are urgently investigating these claims,” the Tesco statement added.

“We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this. We will issue replacement vouchers to the very small number who are affected.”

The BBC also reported late yesterday that some of people it contacted via the email addresses given on the list confirmed their accounts had now been deactivated.

Taking steps to minimise risk

Ilia Kolochenko, chief executive of information security and penetration testing firm High-Tech Bridge, stressed it was too early to draw any conclusions about how the data got into the public domain right now. “For the moment we don't have any technical evidence that Tesco was hacked,” he said.

“Stolen credentials may come from various sources, for example from Tesco's customers’ machines being compromised, or from a phishing website. The bigger a company is, the easier it is to compromise some of its customers without attacking the company directly.”

The security company recently published a research into e-commerce websites security against hacking and vulnerabilities. It found 98% of the 100 largest websites failed to automatically protect users by directing them to the highly secure HTTPS version of their sites. 

And only 27% had a secure HTTPS version of their sites for all customer-facing pages, leaving critical details such as passwords and billing information openly available to identity thieves.

Related items

Ocado extends contract with robotics partner

By Retail Technology | Retail Technology

Instacart and C&S team up for online grocers

By Retail Technology | Retail Technology

COVID-19: Kroger uses tech to limit customers

By Retail Technology | Retail Technology

Walmart implements workforce management software

By Retail Technology | Retail Technology

Tesco chills out with new refrigeration technology

By Retail Technology | Retail Technology

Carrefour announces new delivery scheme

By Retail Technology | Retail Technology

Tesco testing cashierless stores

By Retail Technology | Retail Technology

Walmart trials driverless vehicles

By Retail Technology | Retail Technology

Co-op upgrades category management

By Retail Technology | Retail Technology

The retail tech travel guide

By Retail Technology | Retail Technology