Tuesday, March 3, 2020

Tesco Clubcard holders warned of major security issue

Tesco has issued new cards to 600,000 members of its Clubcard loyalty scheme after discovering some accounts had been compromised.

The supermarket chain said attackers attempted to gain access to Clubcard accounts using a database of credentials stolen from other platforms.

Although the hackers were thought to have had some success, no financial information was exposed in the incident and Tesco’s systems have not been attacked, the company added. 

Fraudulent activity

Tesco’s loyalty scheme offers members one point for every pound spent, and every 100 points earned is worth £1 in in-store credit.

Although attackers gained access to the credit accrued by some account holders, Tesco said no Clubcard points will be lost and new vouchers will be issued.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers,” said a Tesco spokesperson.

“Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

According to Chris Miller, Regional Director UK&I at RSA Security, incidents of this kind are exacerbated by users’ reliance on identical log-ins for multiple platforms.

“Authentication continues to be a balancing act between security and convenience and organisations must continue to look for convenient yet secure ways to make access as easy as possible for the user,” he told TechRadar Pro.

“From the end-user's perspective, it is really important not to use the same password for multiple accounts...After all, if attackers have tried to log into Tesco Clubcard with stolen credentials, in all likelihood they'll be trying the credentials on other sites too.”

All Clubcard members potentially affected by the incident have been informed via email.

Via BBC

Related Posts:

  • Survey says 49% of Indian consumers prefer e-commerce shopping Even as the Indian government is trying to bring in new rules for e-commerce market place, the general public seem to be increasingly in favour of shopping online. The pandemic and the resultant lockdown have pushed the publ… Read More
  • Twitter is going all-in on security keys After adding support for security keys last December, the social network Twitter has announced that it will soon allow accounts with two-factor authentication (2FA) enabled to use security keys as their only authentication m… Read More
  • Which dedicated server should I use? Unlike shared hosting or Virtual Private Servers (VPS), dedicated hosting means that the entire server is devoted to individual clients. With each such server powered by anywhere from 4-12, and sometimes even more CPU cores,… Read More
  • Druva data loss prevention Of the many data protection companies, Druva has earned its place amongst the best data loss prevention services in the world through the numerous awards it has won since its foundation in 2008.  It provides comprehensi… Read More
  • Google facing $5bn lawsuit over Chrome's not-so-incognito mode A lawsuit that alleges that Google Chrome tracks users even in its incognito mode has been given the go-ahead after a judge ruled against Google’s request for dismissal.  A class action lawsuit, originally filed in the … Read More

0 comments:

Post a Comment