17 February 2014

How seriously do you take your online security? Do you trust the big brands to protect your personal information? These questions and many like them were thrown up last week when hackers checked out with thousands of Tesco customers’ account details and posted them online. So who’s at fault?

Well, reports seem to suggest that the hackers were able to get into the accounts by using data leaked in separate security breaches within other organisations. This sounds like they’re passing the buck, but it does happen. Often, when databases are compromised, people’s details end up on sites like Pastebin, which hackers use to boast about their attacks, so it’s just a case of sifting through user credentials and finding ones that work on another website.
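From the defending website's side, this kind of credential reuse shows up in the login log as one source trying many different accounts and mostly failing. The sketch below is an added example, not code from Tesco or from this blog; the event format, the thresholds and the sample data are assumptions, and the events are taken to come from a single time window.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", False),
    ("203.0.113.7", "dave@example.com", False),
    ("203.0.113.7", "erin@example.com", True),    # a reused password worked
    ("203.0.113.7", "frank@example.com", False),
    ("198.51.100.20", "grace@example.com", False),  # one user mistyping
    ("198.51.100.20", "grace@example.com", False),
    ("198.51.100.20", "grace@example.com", True),
    ("192.0.2.44", "heidi@example.com", True),      # shared household address
    ("192.0.2.44", "ivan@example.com", True),
]


def flag_credential_stuffing(events, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts with a low success rate.

    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    per_ip = defaultdict(
        lambda: {"accounts": set(), "attempts": 0, "successes": 0, "hit": set()}
    )
    for ip, user, ok in events:
        stats = per_ip[ip]
        user = user.lower()  # treat differently-cased logins as one account
        stats["accounts"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["successes"] += 1
            stats["hit"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        ratio = stats["successes"] / stats["attempts"]
        if len(stats["accounts"]) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_accounts": len(stats["accounts"]),
                "attempts": stats["attempts"],
                # Logins that succeeded from a flagged source need a forced reset.
                "accounts_to_reset": sorted(stats["hit"]),
            }
    return flagged


if __name__ == "__main__":
    print(flag_credential_stuffing(SAMPLE_EVENTS))
```

The successful logins from a flagged source matter most: those are the accounts whose reused password worked and which should be locked and reset.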

However, whilst it seems like Tesco weren’t directly responsible for this particular security breach, they have fallen foul in the past for making fairly basic mistakes around password storage and protection, something that was actually investigated at the time by the ICO.

We’ve got to hammer home the importance of businesses making sure their IT infrastructure is as robust as it possibly can be when it comes to customer details. There are so many services available to big companies that can test for and fix any vulnerability. There’s no margin for error when you’re protecting the personal information of thousands of people.

I think we can all learn from this latest attack though, not just the big corporations. Ultimately, as internet users, we’re responsible for protecting our information online too, and this includes not using weak passwords and not using the same password for multiple accounts.

Remember, for cybercriminals every little weakness helps!
