Tesco Issues 600,000 New Clubcards After Brute Force Attack
Tesco, a UK-based supermarket, has been forced to issue 600,000 new loyalty cards after customers’ accounts were compromised by a malicious third party. Although the company’s IT systems were not compromised, hackers allegedly used a combo list of breached usernames and passwords to conduct a brute force attack. Clubcard vouchers were compromised in the attack, but Tesco stated that no customer financial details were taken.
Tesco stated that its internal systems caught the attack early and that the company was able to address the incident before it became a massive data loss. Credential stuffing attacks are often one of the biggest risks in terms of data loss, and they are often most effective when customers use the same password for multiple accounts, especially across work and personal accounts.