Tesco has suspended thousands of online accounts after cybercriminals targeted log-in credentials and Clubcard points.
The deactivation comes after thousands of usernames and passwords - taken from non-Tesco websites - appeared on a text sharing website.
Fraudsters then used that data to crack accounts at Tesco.com, relying on the fact that some people use the same usernames and passwords for various websites.
Tesco said it was "urgently investigating" the appearance of the data on the websites and only a 'very small' number of voucher holders were hit.
Logins harvested through Phishing
The Log-in credentials of customers were allegedly harvested by hackers using phishing emails.
A Tesco spokesman told the BBC: "We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this," the supermarket said in a statement.
"We will issue replacement vouchers to the very small numbers who are affected."
For further information please visit the BBC website.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.