Cyber criminals used data from previous high-profile hacks to break into thousands of Tesco.com accounts.
In total, 2,239 customers are said to have been affected by the incident, which first came to light on Thursday night, as reported by the BBC when it was contacted by some of the affected customers.
Customers reported seeing store vouchers stolen from their accounts after crooks used details from other data breaches to guess the email and password combinations of their logins for the site.
Tesco said it was aware and was working with customers to try and negate the effects of the incident.
"We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this," it said in a statement sent to the BBC. "We will issue replacement vouchers to the very small number who are affected."
It has also disabled some accounts of those affected. V3 contacted Tesco for more information, but had received no reply at the time of publication.
It is not clear which previous hacks the criminals used to piece together information for the Tesco.com site, but this breach underlines the perils of using identical email addresses and passwords for numerous online accounts.
Recent hacks that could have helped the criminals, though, include those against retailers such as US giant Target and last year’s attack on home retailer Lakeland. Adobe admitted cyber criminals stole account information from a whopping 38 million users, which could well have been used to help access the Tesco accounts.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software