Login

Register

Login

Register


UK supermarket giant Tesco is issuing 600,000 customers with new loyalty cards after some accounts were compromised by an unauthorized third party.

Although Tesco’s own IT systems were not compromised, it’s believed the hackers used a combo list of breached usernames and passwords sourced from elsewhere and conducted a brute force attack.

The supermarket also reassured customers that no financial details were taken.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers,” a Tesco spokesperson told the BBC.

“Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

Chris Miller, regional director, UK & Ireland at RSA Security, argued that credential stuffing attacks are one of the biggest causes of data loss.

“From the end user’s perspective, it really is important not to use the same password for multiple accounts — especially between work and personal accounts. If there has been a data breach such as this, which involves a company they have an account with, they need to change the password not just on that account, but also any other account that uses the same one,” he added.

“After all, if attackers have tried to log into Tesco Clubcard with stolen credentials, in all likelihood they’ll be trying the credentials on other sites too. Finally, some sites and apps will offer two-stage authentication, asking for both a password and, for example, a code delivered to a mobile phone. It’s a good idea to tick this option, as it can offer an extra degree of security.”

According to Akamai, there were 28 billion credential stuffing attacks on e-commerce accounts from May to December of 2018, amounting to 115 million attempts to log-in each day.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW