In a blog post, the security researcher Troy Hunt, who previously claimed that Tesco was sending passwords in plain text via email, criticized the giant and said, "I would not for a moment assume that the extent of the damage is only a couple of thousand accounts, that's almost certainly only the tip of the iceberg.