CIO login and password details appear online

More than 2,000 accounts affected
  • Anh Nguyen (Computerworld UK)
  • 14 February, 2014 08:08

Tesco has become the victim of a cyber attack that has led to login and password details used by customers of its internet business being posted online.

According to the BBC, a list of more than 2,239 accounts was posted on a popular text-sharing site earlier today.

It is understood that hackers went through data stolen in other high-profile security breaches to draw up the list of details. They found that more than 2,000 customers used the same email and password combinations on the other sites, as they did on

The supermarket chain has deactivated some customers' online accounts in response to the breach, and said it was "urgently investigating" the incident.

The BBC used the email addresses from the list of stolen details to contact some of the customers, who confirmed the authenticity of the data. One person said that the hackers had used the details to steal their online vouchers.

Tesco said in a statement: "We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this.

"We will issue replacement vouchers to the very small number who are affected."

Last year, Tesco was forced to call in the police after hundreds of customers had their Clubcard loyalty accounts hacked.

The previous year, the Information Commissioner's Office (ICO) revealed it was looking into security concerns around Tesco's website, after a customer said that his password was emailed to him in plain text.