Tesco told the BBC is it "urgently investigating" the data breach, which has caused Tesco to deactivate some of the accounts.
It is believed the list was compiled by hackers who combed through data stolen in other high-profile security breaches, where users' password and email combinations were tried on Tesco.com. The BBC reported that 2,239 hits were correct.
The accounts were posted onto a test-sharing site on Thursday. Tesco said it has contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of the security breach.
The company said: "We will issue replacement vouchers to the very small number who are affected."
A recent study found that almost half of the UK's online population are concerned that the internet is eroding their personal privacy, showing 48% of people aged between 16 to 64 are concerned.
At the start of the year, picture messaging service Snapchat had 4.6 million of its users' names and numbers published deliberately by hackers, to show the flaws in the social network's security.