Tesco website and app back up after hack attempt

By Russell Hotten
BBC News

Published

Tesco's website and app are now up and running again, following a service outage that began on Saturday.

The retail giant's services had crashed after what Tesco said were attempts "to interfere with our systems".

The possible hack at Britain's biggest supermarket began with shoppers unable to order goods and track deliveries.

Tesco initially said there was "an issue", but in a Sunday update said there had been deliberate disruption.

The supermarket later confirmed on Twitter that its groceries website and app were back up and running, but it was temporarily using a "virtual waiting room" to manage the high volume of traffic.

Tesco said the attempts to compromise its systems were made overnight from Friday to Saturday, but was not more specific.

According to Downdetector, which monitors website outages, shoppers began reporting issues early on Saturday morning.

The scale of the problem, and whether the issue was nationwide or only in certain areas, remained unclear on Sunday night.

Shoppers complained over the weekend about a lack of information, with many wanting to know how to cancel orders and whether they can get money back.

Earlier on Sunday, a Tesco spokesperson said: "There is no reason to believe that this issue impacts customer data and we continue to take ongoing action to make sure all data stays safe.

"Since yesterday, we've been experiencing disruption to our online grocery website and app.

"An attempt was made to interfere with our systems which has caused problems with the search function on the site. We're working hard to fully restore all services and apologise for the inconvenience."

Meanwhile, shoppers were trying to change or cancel deliveries, or switch to other supermarkets.

Tesco customer Chris Hodgson, who lives in Stoke-on-Trent, told the BBC the app had not been working properly for "a couple of days".

He picked up his click-and-collect order on Sunday, but had only managed to do half his weekly shopping before the website went down. "The collection member of staff hadn't been informed of any issues," Mr Hodgson said. "After I showed him the website, he said it was an unusually quiet day.

"I asked if I could reject the whole order and was informed I could only reject substituted items. I'll have to go out again this afternoon. If you're on a budget it's annoying, it's an inconvenience.

"Nothing from Tesco, no way of contacting them. Really poor by Tesco," he said.

Image source, Tesco
Image caption,
Tesco has opened a check-out free store where customers use the app to choose groceries and leave with them

Another customer, Rebecca, from North Wales, got a delivery of 120 Pepsi drinks on Sunday instead of her order.

"We were meant to get a week's shop this morning," she told the BBC. "The website was down all yesterday so we couldn't amend or cancel. All we received was 120 cans of Pepsi Max."

Growing problem

Rebecca, who asked for her surname not to be used, added: "I'd been going in to the order over and over yesterday, right up until the 11.45 deadline. I didn't try calling, there must be thousands in the same boat.

"Fortunately someone suggested that Asda had delivery slots for today so I managed to place an order last night (just before their deadline) for enough food for the next few days."

Tesco initially said on Saturday it was "working hard to get things back up and running", and apologised for the inconvenience.

The firm's online sales have soared recently, especially during lockdown, with the supermarket ramping up capacity.

Its latest financial results say the scale and reach of its online operations are "unmatched in the UK", with total sales topping £6bn. Tesco said it had 6.6 million app users.

Tesco has faced previous hacks. In 2014 about 2,000 customer accounts were deactivated amid fears login details were compromised, and there was also a cyber attack on the supermarket's bank arm.

But the problem is becoming more common globally. Earlier this year, international meat manufacturer JBS had to shut down about 25% of its operation. And large swathes of US fuel supply were closed after a ransomware attack on Colonial Pipeline.

Few sectors have escaped the attention of cyber-criminals, with airlines, banks, universities, local authorities, utilities and tech giants such as Microsoft all having faced attacks on their computer systems.

More on this story