Stolen UK consumer data up for sale on sale online

News
By published

Tesco, McDonald's and Deliveroo login details all up for grabs

Data Breach
(Image credit: Shutterstock)

Cybercriminals are selling stolen data pertaining to UK consumers on the dark web, according to new research by Which?

An investigation by the consumer choice brand has found that account details acquired from data breaches are being offered cheaply online.

Among the personal data up for sale on the dark web are thousands of stolen Tesco Clubcard accounts, as well as details connected with fast-food chains and high-end hotels. In the case of the Tesco data, Which? found that individual accounts, which contain usernames, passwords and loyalty card balances, were sometimes available for just 42p each when purchased in bulk.

“Our research has found a treasure trove of stolen data being traded by criminals on the dark web, highlighting the danger of companies acting carelessly with their customers’ sensitive personal information,” Kate Bevan, Which? Computing editor, commented. 

“The [UK’s Information Commissioner's Office] must be prepared to issue heavy fines against companies that leave customers’ personal data exposed to cybercriminals and breach data protection law, so that they are incentivised to prevent breaches.”

Data for sale

Which? was unable to ascertain how the stolen Tesco data was acquired – or even if it was legitimate – but the supermarket chain did confirm in March last year that a database of usernames and passwords stolen from other websites had been used in an attempt to access Clubcard accounts. At the time, it claimed that its own systems had not been hacked and that affected accounts had been notified and blocked.

In addition to the Tesco data, Which? researchers also found account details connected to Deliveroo, McDonald’s and the MGM Resorts hotel chain available to purchase. Prices varied depending on the information being offered but, regardless of the efficacy of the stolen data, the details could be used by cyberattackers to engage in follow-up attacks, including spear-phishing campaigns.

In addition to tougher action by the Information Commissioner’s Office, Which? also called for consumers to be granted an easier route to financial compensation when they are affected by a data breach.

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
An aerial view of an Instavolt Superhub for charging electric vehicles

Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
See more latest
Most Popular
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection