Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Tesco Issues 600,000 New Clubcards After Brute Force Attack

UK supermarket giant Tesco is issuing 600,000 customers with new loyalty cards after some accounts were compromised by an unauthorized third party.

Although Tesco’s own IT systems were not compromised, it’s believed the hackers used a combo list of breached usernames and passwords sourced from elsewhere and conducted a brute force attack.

The supermarket also reassured customers that no financial details were taken.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers,” a Tesco spokesperson told the BBC.

“Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

Chris Miller, regional director, UK & Ireland at RSA Security, argued that credential stuffing attacks are one of the biggest causes of data loss.

“From the end user’s perspective, it really is important not to use the same password for multiple accounts — especially between work and personal accounts. If there has been a data breach such as this, which involves a company they have an account with, they need to change the password not just on that account, but also any other account that uses the same one,” he added.

“After all, if attackers have tried to log into Tesco Clubcard with stolen credentials, in all likelihood they’ll be trying the credentials on other sites too. Finally, some sites and apps will offer two-stage authentication, asking for both a password and, for example, a code delivered to a mobile phone. It’s a good idea to tick this option, as it can offer an extra degree of security.”

According to Akamai, there were 28 billion credential stuffing attacks on e-commerce accounts from May to December of 2018, amounting to 115 million attempts to log-in each day.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Home Office Admits 100 GDPR Breaches in EU Scheme

2
News

Walgreens App Error Has Customers Viewing Each Other's Personal Messages

3
News

Thoma Bravo Acquires Sophos for $3.9bn

4
News

Sports Giant Decathlon Leaks 123 Million Records

5
News

Canada's Auditor General: "Our Main IT System Is Running on DOS"

6
News

SpaceX Contractor Hit by Data Breach

1
News

Zynga Facing Lawsuit Over Data Breach

2
Interview

#RSAC Video Interview: Alyssa Miller, Hacker, Researcher & Security Evangelist

3
News

Carnival Cruise Lines Hacked

4
News

Mobile Attacks Outpace Desktop Assaults

5
News

Security by Sector Interview: Cybersecurity and the Gaming Industry

6
Magazine Feature

Are CISOs the New Sales Experts?

1
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

2
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

3
Webinar

Gain Control and Security of Your File Collaboration

4
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

5
Webinar

AI in Security: Keeping Up with the Trend

6
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

1
Blog

Women in Cybersecurity Keynote: Bobbie Stempfley Shares Invaluable Career Advice

2
News Feature

CyberCenturion Winners Crowned as Competition Culminates in London

3
Interview

#RSAC Video Interview: Kathleen Smith, CMO, CyberSecJobs

4
Interview

Interview: Carolyn Crandall, Chief Deception Officer, Attivo Networks

5
Opinion

How the Cloud Complicates the Digital Crime Scene

6
Blog

Meeting SOC 2 Compliance With Your Own Products