Tesco.com, one of the largest retail websites in the UK, is being investigated by the Information Commissioner’s Office (ICO), due to its bad security habits.
Investigations have found that Tesco.com is using unsafe security practices, for instance, login and password information is stored ‘unhashed’,’unsalted’, and most likely unencrypted.
After shoppers log in on the site, it allows them to shop with no encryption, therefore allowing traffic and identifications to be mixed in session cookies, allowing the session to be hijacked.
Other factors of the website suggest they need updated file encryption software, as theirs is dated and not up to the current standards of the ICO. It is important to make sure your security software is up to date as it can cause serious issues if someone was to hack into the sites protected information.
Tesco is apparently working on its website to update the software, so hopefully it will get it sorted soon and protect its online users.