In what seems like a spate of cyber attacks striking the UK, over 2,000 customers’ login details including email addresses and passwords have been exposed online.
British Gas has contacted at least 2,200 customers to inform them that their contact details have been posted online. In a peculiar twist, the company is not to blame here, as all reports indicate that British Gas’ systems remain intact and hasn’t suffered a breach, according to BBC News.
The company confirmed that no payment details were revealed either due to the encryption enforced. The login details were posted on Pastebin in a dump file before eventually being removed. Compromised accounts have been disabled, and the company has moved to reassure customers that no other data has been revealed. It warned its customers, however, to let them know that login details can be used to locate and find names and addresses.
A Data Hack and Leak from Elsewhere
It is speculated that the users’ details were taken from a different source that was then cross-referenced with British Gas users who used the same login details across a number of accounts for online services.
The official British Gas email sent to the affected customers reads:
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”
The email also assured customers that their data was encrypted on the website, unlike the recent TalkTalk breach where the CEO admitted to not encrypting all of the customer’s information.
Related article: TalkTalk Hackers Put Forth a Ransom Demand of $122,000
Altogether, the breach affects a small portion of British Gas customers which counts 14.7 million customer accounts.
Another theory that speculates the means to compromise thousands of users’ login details involves a phishing campaign that could be much larger than the two thousand customers of British Gas.
Britain has been weathering a storm of cyber attacks lately, and the latest incident comes after retailer Marks and Spencer suffered a glitch on its website that allowed customers to see each other’s account details. The other recent breach is the now infamous TalkTalk breach that may have potentially compromised the details of 4 million British users.