How Tesco Clubcards Hacked After Details Leak

[Turk]

By Dan Bloom 10:12 GMT, 14 February 2014

Clubcards hacked after Tesco details leak: More than 2,200 accounts dumped on text sharing website

Details of 2,240 accounts appeared on popular text-sharing website

Hackers are thought to have taken leaked details from other sites' breaches

Same passwords would have been run through Tesco with some matches

Security experts: People should use a different password on every account

Tesco has shut down more than 2,000 user accounts for its online shopping site after a cache of e-mail addresses, passwords and voucher balances were dumped online.

Many thought the details on a popular text sharing site were a hoax until Twitter users said they had tested the combinations and they worked.

It is thought the list was drawn from previous security breaches and comprised victims who used the same password for Tesco.com - which was not hacked directly - and other, compromised sites.

A spokesman said the area of the site affected was for collecting and storing Clubcard points.

The hackers would have then tested e-mail and password combinations with Tesco and made a list of positive matches, it is believed.

The hack has reignited warnings by security experts for people to use a different password for every single online account which they use.

http://www.dailymail.co.uk/news/article-2559256/Tesco-security-breach-hackers-leak-2-000-passwords-internet-shoppers-online.html

Update:

The Tesco Hack : Heres How It (Probably) Happened By Troy Hunt 14 Feb 2014

Full Story: http://www.troyhunt.com/2014/02/the-tesco-hack-heres-how-it-probably.html

Edited February 15, 2014 by Turk