I am puzzled...
Someone I know of had their email hacked, and, of course, that means that the hacker could use email based password resets on various systems. They proceeded to do so, and thankfully left enough of a trail to work out what they did so the passwords could be sorted out. It does highlight the importance of email passwords being secure, but the puzzle is not that - it is what they did...
They reset passwords on a load of supermarket logins.
Now, I have only used tesco.com, but I imagine they are all much the same. You cannot order from them without using a card. Yes, tesco store my card but only display the last 4 digits and want the CV2 on every order - so if someone logged in to tesco as me they could not order anything on my card.
Even if they could, somehow, order, what then? I am not sure for collection but I assume they would want to see the club card and/or the bank card when you collect, so that is not going to work. And if they go for a delivery, they they create a log of where they had things delivered.
I suppose they could see my address, but why change multiple supermarket accounts - you only need one to see that.
So really, what is the point in "stealing" someone's supermarket logins?
Am I missing the bleeding obvious here or something?