United Kingdom, 2 March 2020 – Tesco, a giant supermarket chain, was recently hit by the risk of a data breach that jeopardized 600,000 Clubcard accounts containing cardholders’ personal data.
Tesco’s IT system was intact; the incident started with hackers signing into a few Tesco accounts using the same usernames and passwords obtained from other third-party accounts. The source of the breach is believed not to have been Tesco in the first place.
This kind of breach is called a “credential stuffing attack”, in which an attacker uses a list of user credentials to break into a system. The bots deployed by the attacker are able to identify other users’ accounts that use similar passwords across multiple platforms.
“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers,” said a Tesco representative when the activity was first detected.
“Our internal system picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts,” the representative added.
Tesco has blocked all 600,000 accounts to prevent further activity by these cybercriminals. The supermarket chain has taken the initiative to inform its customers so that they can take precautionary measures and stay alert to any fraudulent acts directed at them.
Assurance was given that no financial data was obtained by the opposing party. Tesco issued new loyalty cards to its affected members, and customers’ loyalty points will remain as they were before.
The affected shoppers were advised to reset their passwords after the incident. The cause of this mishap was carelessness in reusing the same password for every account.
It is important to come up with a different password every single time so that one’s personal data cannot easily be manipulated by others.
This threat serves as a reminder of the importance of passwords themselves. Loyalty programmes such as this are a rich target for attackers.
As a cybersecurity expert based in Malaysia, we hope our local users will be more protective and creative with their logins. As local IT professionals, we are not exempt from such unexpected occurrences. Condition Zebra places great importance on continuous learning, and we invite IT professionals out there to learn more about cybersecurity with us.