Tesco Sends Security Warning To 600,000 Clubcard Holders – Experts Insight

Yesterday, it was reported that Tesco was experiencing security issues, and had issued new Clubcards to 600,000 account holders. The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on its websites and may have worked in some cases. No financial data was accessed, and its systems have not been hacked, it added. It said this was a precautionary measure and apologized for the inconvenience.

3 Expert Comments
Jake Olcott, VP of Government Affairs
InfoSec Expert
March 5, 2020 10:38 am

It’s no wonder that third-party risk has become the most significant cyber issue for organisations around the globe – lax understanding of third parties’ security posture and practices is creating a massive weak spot for all organisations across all industries. Companies must continuously monitor their vendor relationships in order to get a better handle on supply chain risk.

Last edited 2 years ago by Jake Olcott
Lisa Baergen, VP of Marketing
InfoSec Expert
March 5, 2020 10:36 am

90% of attacks start with some sort of automation, credential stuffing being a prominent one. The software for credential stuffing is so affordable that this type of attack has now become accessible for almost anyone. Hackers can now automatically cycle through thousands of username and password pairs and match them against login portals in a short period of time, until a match with an existing account is found. One effective way to stop this type of attack is to implement security solutions that detect this sophisticated automated activity at login and other placements. By using technologies that include behavioural analytics, automated activity is flagged at login before it can even test any credentials in the company’s environment. At the same time, companies should stay alert for any leaked credentials of their employees or customers along with mentions of the company and brand names across the dark web to stay on top of this trend.

Last edited 2 years ago by Lisa Baergen
Paul Bischoff, Privacy Advocate
InfoSec Expert
March 5, 2020 10:33 am

Hackers hit Tesco with an attack known as credential stuffing. In this attack, hackers attempt to log into accounts using usernames and passwords leaked from previous, unrelated data breaches and other sources. The attack demonstrates why customers should never reuse passwords across multiple accounts. If one account is compromised, criminals will attempt to reuse the same usernames and passwords on other accounts. This process is usually automated so that attackers can attempt hundreds or thousands of logins in a very short time. There’s little Tesco could do to stop such an attack other than offer users two-factor authentication and limit the number of login attempts. Two-factor authentication would require customers to enter a one-time PIN number sent via SMS, email, or authenticator app whenever logging in from a new device.

Last edited 2 years ago by Paul Bischoff
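
An added example, not part of the article or of any commenter's remarks: a sketch of login-side detection for the credential stuffing pattern described above, run over constructed log lines. The log format, thresholds and function names are assumptions; it flags a source that cycles through many distinct usernames and lists the accounts it got into, while a per-account attempt counter stays silent on this sample because each account is tried only once.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source-ip username result".
# 203.0.113.7 tries 30 different usernames once each (one pair works);
# 198.51.100.20 is a customer mistyping a password twice.
BASE = datetime(2020, 3, 4, 9, 0, 0)
SAMPLE_LOG = [
    f"{(BASE + timedelta(seconds=2 * i)).isoformat()} 203.0.113.7 "
    f"user{i:02d}@example.com {'OK' if i == 17 else 'FAIL'}"
    for i in range(30)
] + [
    "2020-03-04T09:00:05 198.51.100.20 carol@example.com FAIL",
    "2020-03-04T09:00:20 198.51.100.20 carol@example.com FAIL",
    "2020-03-04T09:00:40 198.51.100.20 carol@example.com OK",
]

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def per_account_lockouts(events, max_failures=5):
    """Accounts that a per-account attempt limit would lock."""
    fails = defaultdict(int)
    for _, _, user, ok in events:
        fails[user] += not ok
    return {u for u, n in fails.items() if n >= max_failures}

def stuffing_sources(events, window=timedelta(minutes=10),
                     min_users=20, min_fail_ratio=0.9):
    """Map each source that tried many distinct usernames in one window,
    mostly failing, to the accounts it did log into (candidates for reset)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            win = evs[start:end + 1]
            fail_ratio = sum(not ok for _, _, ok in win) / len(win)
            if len({u for _, u, _ in win}) >= min_users and fail_ratio >= min_fail_ratio:
                flagged[ip] = sorted({u for _, u, ok in evs if ok})
                break
    return flagged

EVENTS = [parse(line) for line in SAMPLE_LOG]
if __name__ == "__main__":
    print("locked by per-account limit:", per_account_lockouts(EVENTS))
    print("stuffing sources -> accounts to reset:", stuffing_sources(EVENTS))
```

Grouping by source IP is the simplest key; attempts spread across many addresses need the same distinct-username count keyed on other request attributes.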