Tesco's website and app have crashed after what the retail giant said were attempts "to interfere with our systems".
The possible hack at Britain's biggest supermarket began on Saturday with shoppers unable to order goods and track deliveries.
Tesco initially said there was "an issue", but in a Sunday update said there had been deliberate disruption.
The retailer sought to assure customers their data was safe.
But shoppers have complained about a lack of information, with many wanting to know how to cancel orders and whether they can get money back.
A Tesco spokesperson said: "There is no reason to believe that this issue impacts customer data and we continue to take ongoing action to make sure all data stays safe.
"Since yesterday, we've been experiencing disruption to our online grocery website and app.
"An attempt was made to interfere with our systems which has caused problems with the search function on the site. We're working hard to fully restore all services and apologise for the inconvenience."
Tesco said the attempts to compromise its systems were made overnight from Friday to Saturday, but was not more specific. According to Downdetector, which monitors website outages, shoppers began reporting issues early on Saturday morning.
The scale of the problem, and whether the issue was nationwide or only in certain areas, was unclear on Sunday morning.
Meanwhile, shoppers have been trying to change or cancel deliveries, or switch to other supermarkets.
Tesco customer Chris Hodgson, who lives in Stoke-on-Trent, told the BBC the app had not been working properly for "a couple of days".
He picked up his click-and-collect order on Sunday, but had only managed to do half his weekly shopping before the website went down. "The collection member of staff hadn't been informed of any issues," Mr Hodgson said. "After I showed him the website, he said it was an unusually quiet day.
"I asked if I could reject the whole order and was informed I could only reject substituted items. I'll have to go out again this afternoon. If you're on a budget it's annoying, it's an inconvenience.
"Nothing from Tesco, no way of contacting them. Really poor by Tesco," he said.
Another customer, Rebecca, from North Wales, got a delivery of 120 Pepsi drinks on Sunday instead of her order.
"We were meant to get a week's shop this morning," she told the BBC. "The website was down all yesterday so we couldn't amend or cancel. All we received was 120 cans of Pepsi Max."
Growing problem
Rebecca, who asked for her surname not to be used, added: "I'd been going in to the order over and over yesterday, right up until the 11.45 deadline. I didn't try calling, there must be thousands in the same boat.
"Fortunately someone suggested that Asda had delivery slots for today so I managed to place an order last night (just before their deadline) for enough food for the next few days."
Tesco initially said on Saturday it was "working hard to get things back up and running", and apologised for the inconvenience.
The firm's online sales have soared recently, especially during lockdown, with the supermarket ramping up capacity.
Its latest financial results say the scale and reach of its online operations are "unmatched in the UK", with total sales topping £6bn. Tesco said it had 6.6 million app users.
Tesco has faced previous hacks. In 2014 about 2,000 customer accounts were deactivated amid fears login details were compromised, and there was also a cyber attack on the supermarket's bank arm.
But the problem is becoming more common globally. Earlier this year, international meat manufacturer JBS had to shut down about 25% of its operation. And large swathes of US fuel supply were closed after a ransomware attack on Colonial Pipeline.
Few sectors have escaped the attention of cyber-criminals, with airlines, banks, universities, local authorities, utilities and tech giants such as Microsoft all having faced attacks on their computer systems.