Loyalty Cards Targeted in Tesco Clubcard Attack

2020-03-04 16:16

U.K. supermarket giant Tesco is warning on a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program.

"We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers," a Tesco spokesperson told the BBC. "Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts."

No financial data was exposed, Tesco added, and people's loyalty points will remain unaffected.

Hackers can sell the account's credentials, or offer direct access to the accounts to people that go on to use the stored value, coupons, points and so on contained in them for themselves.

Credential stuffing meanwhile is a go-to account takeover technique.

News URL

https://threatpost.com/tesco-clubcard-account-takeovers/153430/

#tesco #attack