Hackers have exposed several thousand Tesco.com customer account details online.
The list of more than 2,000 Tesco.com accounts was posted to popular text-sharing site Pastebin on Thursday.
The supermarket giant said the data had been compiled by hackers using details stolen from other sites.
In response to the attack, Tesco has deactivated the accounts in question while it begins “urgently investigating” the leaked data.
Some account holders have claimed that their store vouchers were stolen through the hack.
“We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this,” the supermarket said in a statement.
“We will issue replacement vouchers to the very small number who are affected.”
It is thought the list was drawn up by attackers who combed through data stolen in other high-profile security breaches.
Password and email combinations seen in those large breaches were then tried on the Tesco site and resulted in 2,239 hits where the same credentials were used.
The attack is not the first time that Tesco has fallen victim to cyber-thieves. In early 2013 hundreds of owners of Tesco Clubcards reported their loyalty card account had been penetrate.