Cyber criminals used data from previous high-profile hacks to break into thousands of Tesco.com accounts.
In total, 2,239 customers are said to have been affected by the incident, which first came to light on Thursday night, as reported by the BBC when it was contacted by some of the affected customers.
Customers reported seeing store vouchers stolen from their accounts after crooks used details from other data breaches to guess the email and password combinations of their logins for the site.
Tesco said it was aware and was working with customers to try and negate the effects of the incident.
"We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this," it said in a statement sent to the BBC. "We will issue replacement vouchers to the very small number who are affected."
It has also disabled some accounts of those affected. V3 contacted Tesco for more information, but had received no reply at the time of publication.
It is not clear which previous hacks the criminals used to piece together information for the Tesco.com site, but this breach underlines the perils of using identical email addresses and passwords for numerous online accounts.
Recent hacks that could have helped the criminals, though, include those against retailers such as US giant Target and last year’s attack on home retailer Lakeland. Adobe admitted cyber criminals stole account information from a whopping 38 million users, which could well have been used to help access the Tesco accounts.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.