Cyber Incident Victim: Tesco PLC
Date: Jun 2019
Location: United Kingdom
Summary
Tesco's Twitter account was compromised, leading to unauthorized activity including a pinned Bitcoin scam tweet promising doubled returns for cryptocurrency sent to a specified wallet. The attacker removed the account's verification badge, impersonated Bill Gates through retweets and replies, and engaged with customers by requesting sensitive personal information under false pretenses of resolving issues. The hacker also followed users unexpectedly, amplifying the disruption. The incident impacted the multinational retailer's social media presence, leveraging its substantial follower base to propagate fraudulent schemes and potentially endanger customer data through deceptive interactions.
Description
On June 25, 2019, Tesco’s official Twitter account with approximately 500,000 followers was compromised by an unauthorized actor. The breach became evident when the account posted a pinned tweet promoting a Bitcoin cryptocurrency scam, instructing followers to send funds to the wallet address 3M3eTTJwkQkkL7GjSSSfrpfPJLyJztMAcy with promises of doubled returns. Concurrently, the account lost its verification badge, a consequence of the attacker altering the username. Followers received notifications of unusual activity, including retweets of Bill Gates’ account and impersonation of Gates through replies. The attacker engaged directly with customers complaining about Tesco’s services, soliciting private information such as full names, home addresses, and postcodes under the guise of resolving issues. These interactions occurred while the hacker maintained the false persona of Bill Gates, further eroding the legitimacy of the communications.

The attacker expanded their activities by following Tesco customers unexpectedly, amplifying the account’s anomalous behavior. Tesco acknowledged the breach and initiated efforts to restore control of the compromised profile, though the timeline for full recovery remained unclear at the time of reporting. The incident exposed followers to financial fraud risks through the Bitcoin solicitation and potential privacy violations via the direct requests for personal data. Tesco, a multinational retailer operating over 6,800 stores across multiple countries including the UK, Ireland, and several European and Asian nations, faced reputational scrutiny due to the account’s misuse for deceptive interactions. No details regarding the compromise’s origin, customer data exfiltration, or financial losses from the Bitcoin scheme were disclosed in available sources. The company’s response focused solely on account restoration without public elaboration on mitigation measures or stakeholder notifications.
