MSE News: Tesco Clubcard holders: Consider changing password after breach

Former_MSE_Helen
Former_MSE_Helen Posts: 2,382 Forumite
edited 14 February 2014 at 7:27PM in Food shopping & groceries
"Tesco Clubcard users should consider changing passwords, after 2,000 login details have been published by fraudsters..."

Comments

  • chardir
    chardir Posts: 229 Forumite
    First Anniversary Combo Breaker
    Tesco again proving they have no idea about web security.

    Why on earth do they limit passwords to 10 characters, letters and numbers only?!
  • Miroslav
    Miroslav Posts: 6,193 Forumite
    Combo Breaker First Post
    Done.

    Thanks for the heads up.
  • geordie_joe
    geordie_joe Posts: 9,112 Forumite
    Combo Breaker First Post
    chardir wrote: »
    Tesco again proving they have no idea about web security.

    You didn't read the article, did you?
    chardir wrote: »
    Why on earth do they limit passwords to 10 characters, letters and numbers only?!

    Because that was good security when the web site was developed. To try to change it now would involve 10 million people all trying to change their passwords at the same time and that would kill the system.

    Anyway, if you read the article you will see that it probably would not help anyway.
  • Hi there, I just wondered if I should change my credit card login password too? Or is it just Clubcard? Thanks
  • Browntoa
    Browntoa Posts: 49,298 Forumite
    Name Dropper Photogenic First Post First Anniversary
    It's just Clubcard, but if you use the same password, perhaps wise
    Ex forum ambassador

    Long term forum member
  • Teapot55
    Teapot55 Posts: 729 Forumite
    First Anniversary First Post Photogenic Name Dropper
    Just changed my Tesco Clubcard password successfully. Couldn't get my log-in to work but phoned their freephone number and they did something at their end to make it work. Then I couldn't log out and I phoned again and they helped again.

    would've . . . could've . . . should've . . .


    A.A.A.S. (Associate of the Acronym Abolition Society)

    There's definitely no 'a' in 'definitely'.
  • geordie_joe
    geordie_joe Posts: 9,112 Forumite
    Combo Breaker First Post
    edited 18 February 2014 at 12:05PM
    hjd wrote: »

    (Text removed by MSE Forum Team)

    I've just been reading one long post from someone who got hacked twice. I'll call him a "he" to make things easier.

    First he claims to be an "IT Security professional" and claims Tesco 10 digit passwords are to blame as they are not strong enough.

    He got his voucher stolen, so he changed his password and got them stolen again.

    He then goes on to blame Tesco security for it. He also tells the Tesco person on the phone that he knows you can only use 10 digits in the password because it tells you that on the page.

    He then goes on to explain that he entered a 16 digit password, and the Tesco system ignored the last 6 digits and just used the first 10 as his password. His account got hacked, so he changed his password, but he explains that he has a 10 digit "core password" and just changes the last 6 digits. So, in effect, he used the same 10 digit password again, and got hacked again. Well of course he did, he had the exact same password again!

    He blames Tesco security for not being strong enough. Well I'm sorry, security is only as strong as the numpty using it.

    An "IT Security professional" who has a 16 digit password where the first 10 digits are a "core" password and only the last 6 digits change. Who then enters the 16 digit password into a 10 digit password box, knowing it can only take 10 digits. Then tries to change the password, after it has been hacked, by entering the same "core" 10 digits plus different last 6 digits.

    How did he not know he was entering exactly the same password?

    He was actually on the phone to Tesco complaining that you can only have a 10 digit password, and actually tells the person that it says that in the instructions, when he entered a 16 digit password. He must have known the password he was entering was 16 digit, because he says he has a "core" 10 digit password which he adds another 6 digits to, to make it a new password.
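
The silent truncation described in the post above, modelled as an added example (not part of the thread and not Tesco's code). The `Account` class, the PBKDF2 parameters and the sample passwords are constructed for illustration; only the 10-character limit comes from the discussion. It contrasts a store that drops extra characters with one that rejects over-length input.

```python
import hashlib
import hmac
import os

MAX_LEN = 10  # password length limit reported in the thread


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


class Account:
    """Constructed account model; truncate=True mimics the silent cut-off described above."""

    def __init__(self, truncate: bool):
        self.truncate = truncate
        self.salt = os.urandom(16)
        self.stored = b""

    def _effective(self, password: str) -> str:
        if len(password) > MAX_LEN:
            if not self.truncate:
                raise ValueError(f"password exceeds {MAX_LEN} characters")
            return password[:MAX_LEN]  # extra characters are dropped without warning
        return password

    def set_password(self, password: str) -> bool:
        """Store the password; return True only if the stored credential changed."""
        new = _digest(self._effective(password), self.salt)
        changed = not hmac.compare_digest(new, self.stored)
        self.stored = new
        return changed

    def check(self, password: str) -> bool:
        try:
            candidate = _digest(self._effective(password), self.salt)
        except ValueError:
            return False  # over-length input can never match in strict mode
        return hmac.compare_digest(candidate, self.stored)


def demo() -> dict:
    core = "corepasswd"  # constructed 10-character "core" password
    legacy = Account(truncate=True)
    legacy.set_password(core + "abc123")
    return {
        "second_change_altered_credential": legacy.set_password(core + "xyz789"),
        "old_password_still_works": legacy.check(core + "abc123"),
        "core_alone_works": legacy.check(core),
    }
```

With truncation, the "changed" password leaves the stored credential untouched and the old one keeps working; the strict variant surfaces the problem at the moment the user types the over-length password.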
  • redux
    redux Posts: 22,976 Forumite
    Name Dropper First Anniversary First Post
    edited 15 February 2014 at 6:34AM
    I can't log in.

    I'm told the password is wrong.

    So I arrange myself an email to change the password. The first attempt is rejected as I'm not allowed to use the same as a previous password. So I settle on a new one.

    I can't log in.

    I'm told the password is wrong.

    So I arrange myself an email to change the password. The first attempt is rejected as I'm not allowed to use the same as a previous password. So I settle on a new one.

    I can't log in.

    I'm told the password is wrong.

    So I arrange myself an email to change the password. The first attempt is rejected as I'm not allowed to use the same as a previous password. So I settle on a new one.

    I can't log in.

    I'm told the password is wrong.

    So I arrange myself an email to change the password. The first attempt is rejected as I'm not allowed to use the same as a previous password. So I settle on a new one.

    I can't log in.

    I'm told the password is wrong.

    So I arrange myself an email to change the password. The first attempt is rejected as I'm not allowed to use the same as a previous password. So I settle on a new one.

    I can't log in.

    I'm told the password is wrong.

    Surely it's a paradox that on each of several trips around this loop a brand new password is accepted and then rejected only a couple of minutes later.

    I've emailed them about this, asking them to strike out all old passwords and enable a fully free choice to start again.

    No reply
  • Tried changing my password about a dozen times, making sure only to use 10 characters and a mixture of only letters & numbers.

    However, each time the system tells me in red writing that I have to use 6-10 characters and only numbers and letters.

    Exactly what I am doing.

    So for now I'm stuck with my existing password. Fortunately I don't use it with any other account elsewhere.
    Big thanks to Martin Lewis for helping us start to sort out our finances!!!

    Best Comp win:X-Box 360!!

    And thank you to all posters! You're wonderful!
This discussion has been closed.