Tesco is warning on a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program. It said that it detected cybercriminals trying out different name and password combos, gleaned from a database of stolen usernames and passwords for other services, on Clubcard accounts. No financial data was exposed, and people s loyalty points will remain unaffected. Credential stuffing is a go-to account takeover technique that takes advantage of the fact users often reuse the same passwords across multiple online accounts.
Source: https://threatpost.com/tesco-clubcard-account-takeovers/153430/

