Bad passwords at fault for Tesco data breach


by Claire Vanner | 14 February 2014

Using the same password for all your accounts is a security faux pas.

Following the news that Tesco had its users' account details posted online, the need to be vigilant with passwords is more apparent than ever.

Tesco has claimed that the data was compiled from details that hackers stole from other websites of potentially unrelated organisations. Using these password and email combinations, the attackers compromised 2,239 accounts.

"It's important to note that the current information does NOT suggest that Tesco itself was breached, nor are we seeing any information that indicates that they have in any way exposed their customers to risk," Trey Ford, global security strategist for Rapid7 told CBR.

"This is about consumer behavior - people continue to reuse passwords and other credentials across multiple sites, making it easy for attackers to compromise them. It's essential to learn the lesson from this incident before the cost becomes greater," he said.

Security experts have stressed that customers need to take responsibility to ensure that they are not setting themselves up for a fall by using the same password for multiple online accounts.

"Our natural instinct is to simplify and use the same password and username combination for everything. But this is very risky as attacks like these demonstrate," Charles Sweeney, CEO of security solutions company Bloxx, told CBR.

"Whilst it might be convenient for you, it also makes it easier for hackers to steal your details from the multiple sites that you've signed up to."

Ford added: "We all know it's a pain to deal with multiple complex passwords across all the various sites and services we use, but there are solutions to help with that: encrypted password vaults like LastPass, 1Password, KeePassX and others."

As well as not using the same password for multiple accounts, Sweeney also advises against passwords or PINs that are easy to guess, like your address or date of birth, as this information can be easily obtained by anyone.

Ford advised that those who want to add further protection to their accounts can take the initiative and set up a password vault.

"From a trusted computer, trade out your old shared passwords for new unique ones. Change your email password first, it is the one key to rule them all - password resets go to your email," he said.
