Every little flaw helps damage a reputation

Every now and then a big company makes a silly little mistake with a large impact that makes you think nothing but ‘why?’

Tesco has been slammed this week for quite a crucial security flaw that really should never have been allowed to happen – especially for a company of this size and stature. It has come out that the passwords of users of Tesco’s online services have been stored in plain text without any encryption whatsoever and it’s slightly worrying that this simple yet vital step for Internet security was bypassed.

Security expert Graham Cluley said on the matter: “It does appear as though Tesco didn’t really follow industry best practice with their site. That’s not to say that people’s detail are at risk or that they’re in danger of being hacked – but it’s surprising to see how Tesco has designed its site with regards to how it stores its passwords.”

It has also been highlighted and criticised that Tesco do not use HTTPS across their site, leaving users susceptible to man-in-the-middle attack putting user’s data at risk. Let’s hope they make improving their online security a priority and, because Tesco is by no means the only organisation to be flawed in its online security in such ways, we hope that many brands learn from Tesco’s mistakes.