Use Tesco online? You need to read this.
Over the weekend, it was discovered that Tesco are storing customer passwords in an insecure way: either in plain text or using some kind of reversible encryption. Either option is unsafe and puts all of their customers' personal details at risk of being stolen.
The revelation first came to light in the following reply to one of their customers, Troy Hunt, on Twitter...
"Passwords are stored in a secure way. They’re only copied into plain text when pasted automatically into a password reminder mail."
Instantly this shows a massive misunderstanding of web security and, even more worryingly, now makes Tesco a prime target for hackers looking for an easy score of millions of people's email addresses, PASSWORDS and personal details.
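For contrast, here is what one-way password storage looks like. This is an added example, not code from the original post or from Tesco: the stored record holds only a salted scrypt hash, so there is nothing a "reminder mail" could contain, and a forgotten password is handled with a single-use reset token instead. The function names, record layout and cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed scrypt cost parameters (assumption; tune for your hardware).
N, R, P = 2**14, 8, 1


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)


def store_password(password: str) -> dict:
    """Return the record to persist: a random salt and a one-way hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _scrypt(password, salt)}


def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    return hmac.compare_digest(_scrypt(candidate, record["salt"]), record["hash"])


def start_reset(record: dict) -> str:
    """Replace the reminder mail: issue a random token and keep only its hash."""
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).digest()
    return token  # this, not the password, is what gets e-mailed


def finish_reset(record: dict, token: str, new_password: str) -> bool:
    """Accept the token once, then store a fresh salted hash."""
    expected = record.get("reset_hash")
    supplied = hashlib.sha256(token.encode()).digest()
    if expected is None or not hmac.compare_digest(supplied, expected):
        return False
    del record["reset_hash"]  # single use
    record.update(store_password(new_password))
    return True


if __name__ == "__main__":
    rec = store_password("constructed-sample-pw")  # constructed sample value
    print("login ok:", verify_password(rec, "constructed-sample-pw"))
    tok = start_reset(rec)
    print("reset ok:", finish_reset(rec, tok, "new-sample-pw"))
    print("old password still works:", verify_password(rec, "constructed-sample-pw"))
```

A production reset flow would also expire the token after a short time, which is left out here.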
Troy's analysis of the situation is thorough and reveals that this is far from the only security snafu committed by the massive UK supermarket chain.
In short, if you're a Tesco customer, change your password today and ENSURE THAT IT DOESN'T MATCH ANY OTHER PASSWORD YOU USE. We recommend you read the full article by Troy, as it really does highlight just how lax the attitude to customer security is at the UK's biggest supermarket brand.