from Hacker News

Tesco say website and app down after hack attempt

by reallydontask on 10/24/21, 12:45 PM with 16 comments

  • by TomAnthony on 10/24/21, 2:46 PM

    In 2017 I found a security issue with the Tesco website. It was a minor security issue, but I could see they had _attempted_ to stop people doing what I could do.

    I did manage to find an email address, but I got a templated response, and when I checked a year later it was still not fixed.

    Sure, it was a minor issue, but I was surprised Tesco didn't have a proper Vulnerability Disclosure Program or Bug Bounty program. A bug bounty program is an inexpensive way to avoid exactly this sort of issue.

  • by tyingq on 10/24/21, 1:02 PM

    Their site is in a weird state at the moment. The homepage looks normal, and some of the category pages do too.

    But I get errors on pages like these:

    https://www.tesco.com/groceries/en-GB/zone/pharmacy ("Sorry, there's currently an issue on our website.")

    https://secure.tesco.com/clubcard/ ("Your browser has failed some security checks" - Lol...I don't think my browser is the issue)

  • by FridayoLeary on 10/24/21, 1:41 PM

    The BBC really seem to be scraping the bottom of the barrel with their reporting. This really affects thousands of people, all of whom couldn't care less what Chris Hodgson (bless him) thinks of the level of customer support that has been provided to him today.

  • by docflabby on 10/24/21, 1:18 PM

    This doesn't surprise me, their online platform feels like one big sticking plaster. They've had previous problems with clubcards (reward cards) being hacked and pretty much blamed the users...

  • by sys_64738 on 10/24/21, 4:27 PM

    Do we know for a fact it's a "hack attempt", whatever that means, or is it just a production problem which is all down to them?

  • by dazc on 10/24/21, 2:03 PM

    Tesco seem to be throwing everything at online shopping despite all signs indicating it's never going to be profitable for them.