Supermarket giant Tesco has had to deactivate thousands of its customers' online accounts after their login names and passwords were revealed by hackers.
More than 2,000 Tesco.com account details were posted to a text-sharing portal, after usernames and passwords were extracted from non-Tesco websites.
The culprits used data from other sites in the hope that shoppers would use the same account details for Tesco as they do with other websites.
Reports suggest that the details were taken from other security breaches and then tested against the Tesco website.
A Tesco spokesperson told Computing that the company was "urgently investigating" the claims, and that the firm takes "the security of its customers' data extremely seriously".
"We are contacting all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this," the spokesperson said.
Some customers had their Tesco Clubcard points stolen as a result of the hack, and Tesco said it would issue replacement vouchers "to the very small number who were affected".
Last year, a number of Tesco Clubcard holders had their points stolen by hackers who were thought to have used phishing e-mails to extract the relevant information.