Supermarket chain Tesco claims that it has ‘robust’ online security amidst criticism of its unencrypted email password system.
Claims have been made that Tesco has failed to properly protect the data of its customers after customer service manager Steve Wood responded to an email highlighting the issue.
The correspondence, posted by web developer Ben Clark on Pastebin, began with him emailing Tesco to highlight an issue he came across after using its forgotten password link: he received his original password in plain text, meaning it had not been one-way encrypted.
“This is a very basic level of security that would protect your customers should your database get compromised by preventing anyone from seeing your customers’ passwords. It also prevents potentially malicious people within the organisation from being able to see the password,” explained Clark, who added that his initial confidence in Tesco’s security had been damaged as a result.
He then received a response from Wood confirming that no encryption was used, but saying that only senior technical positions could access the information.
This confirmation has led to more questions being asked about just how seriously Tesco takes its online security measures.
Speaking to The Drum, a spokesperson indicated, when asked, that the company was not planning to alter its password system at the moment.
“We know how important internet security is to customers and the measures we have are robust. We are never complacent and work continuously to give customers the confidence that they can shop securely,” was the statement issued by the company.
Meanwhile, technology website The Data Fix has reported that Tesco has known about the issue for two years.