• AI
  • Business Intelligence
  • Cloud
  • Digital transformation
  • Data
  • Marketing
  • Security
  • United Kingdom
    • Germany
    • Spain
    • France
    • Portugal
    • Latin America
    • Brasil
    • INTERNATIONAL
Silicon UK TECHNOLOGY POWERING BUSINESS
  • Podcasts
  • Whitepapers
  • Brand Voice
  • Editorials
  • AI For Your Business Podcast
  • Follow us
    • Facebook
    • X
    • Linkedin
    • RSS
  • AI
  • Business Intelligence
  • Cloud
  • Digital transformation
  • Data
  • Marketing
  • Security
  • United Kingdom
    • Germany
    • Spain
    • France
    • Portugal
    • Latin America
    • Brasil
    • INTERNATIONAL

All Tech News > category news Security > category news CyberCrime

British Gas Customer Logins Published Online

Tom Jowitt, October 29, 2015, 10:32 am

Customer logins for British Gas customers published online as company reportedly denies system breach

British Gas has found itself at the centre of an incident that has seen customer login details published online.

A number of customer logins were briefly published to the document-sharing site Pastebin, before they were removed. But British Gas has denied it was hacked.

Not A Hack

British Gas has contacted about 2,200 of its customers, according to the BBC. The firm warned the customers that their login data had been published online, which will have revealed the users’ actual names, their addresses and even their past energy bills.

However, it is not thought at this time that the bank account and card details were revealed.

The firm says it has already disabled the affected accounts and customers are being asked to contact British Gas by telephone or securely reset their passwords via the company’s website.

cloudsecuritypasswordcommerceAnd British Gas has denied it is responsible for the leak of customer data.

“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk,” the BBC quoted a British Gas email to customers.

“As you’d expect, we encrypt and store this information securely,” it added. “From our investigations, we are confident that the information which appeared online did not come from British Gas.”

Read also : German Facebook Users Eligible For Compensation Over Data Breach

TechweekEurope contacted British Gas, but the company said it would not be issuing a statement at this time.

So if British Gas was not hacked, then how exactly were the login details published online?

Well, with no official comment from British Gas, it is hard to say. It is possible a third party system may have been compromised somewhere else. Criminals could have taken the passwords from another data breach and checked to see if people used the same login details on the British Gas site.

Or it could be that users were fooled into keying in their login details after a phishing email that falsely claimed to be from British Gas.

Investigation Needed

At least one security expert said that British Gas needs to investigate the incident.

“It’s essential that British Gas investigates this breach thoroughly and does not rush the analysis,” said Justin Harvey, CSO of Fidelis. “With its customers at risk and reputation at stake, it needs to determine how attackers have accessed these credentials.”

“With rumours of phishing attacks and the fact that the data breach could have stemmed from a third party, the cause of the breach may point to some best practice education that needs to be done or perhaps more rigorous checks for partner companies,” said Harvey. “Companies, like British Gas, can also implement unique ways to authenticate their customers, apart from simple passwords.”

“While British Gas should be praised for detecting the breach and providing customers with support, it highlights the need for consumers to do their own due diligence,” he added. “With so many companies falling victim of breaches, there is a high chance that at one point credentials may be exposed – whether that be an email address, password or account information. This makes poor password habits – such as re-using the same password and email address combination – one of the easiest attack vectors for hackers as exposed credentials can be correlated. Every re-used password puts a user at greater risk of being compromised.”

Read also : US Releases Security Advice For AI In Critical Infrastructure

“Avoiding password re-use can be a laborious task for consumers, but there are tools that can alleviate the burden of constantly changing and remembering different passwords,” Harvey said. “One option is to use a tool which creates a centralised store of passwords and generates random, strong and unique passwords for each online service. If you go down this path, however, it’s wise to pick a very long, complex password to access the store, so as to ensure the ‘keys to the kingdom’ are protected.”

Ongoing Breaches

The British Gas incident comes after a number of high profile breaches and hacks of late.

Earlier this week Marks & Spencer had to briefly suspend its website, after “technical difficulties” exposed customer information to other website users. It insisted that its website had not been hacked.

But far more serious are hacks that affected companies such as TalkTalk. The ISP confirmed that customer data had been stolen after a “significant and sustained” cyberattack on its website earlier this month.

Police later arrested a 15-year-old boy in Northern Ireland in conjunction with the attack.

The Carphone Warehouse also suffered a serious data breach in August.

What do you know about Internet security? Find out with our quiz!

Read also : Russia Carrying Out Targeted Attacks In UK, Microsoft Warns
Recommend this article:
0 0

NEWSLETTER

Subscribe to our best articles

Facebook
Twitter
Linkedin
X Brand Discovery

Brand Discovery offers Advertisers the opportunity to speak directly to our professional communities. It’s an ad format that blends in with the editorial content and overall page design giving non-intrusive, flowing advertising experience. Readers can easily identify their provenance with the “Brand Discovery” mention. For any further information, contact us at the following address: internationalsales@netmediaeurope.com

NEWSLETTER Subscribe to our best articles
The editors recommend
A smartphone used to scan a QR code in a restaurant. Image credit: Unsplash
QR Codes Enable New Enterprise Phishing Threat
Sophos Expands Cybersecurity With $860m Secureworks Purchase
AT&T logo on a building. Image credit: Unsplash
US Lawmakers Seek Answers From Telcos Over China Hack
Marriott VRoom Service
Marriott Agrees To Pay $52 Million To Settle Data Breaches
water treatment plant
Largest US Water Utility Suffers Cyberattack
Computer code on a screen with a skull representing a computer virus / malware attack.
BT Identifies 2,000 Potential Cyberattacks Signals Every Second
  • #breach
  • #British Gas
  • #customer data
  • #login
  • #online privacy
Silicon UK

Follow us:

Facebook
Twitter
Linkedin
NEWSLETTER
About
Silicon UK is the leading source for IT news, analysis, features and interviews covering the technology that impacts your business. Keep up-to-date with the latest tech news and read in-depth features by subscribing to our newsletter and attending our events.
Our brands
  • NETMEDIA Group
  • NETMEDIA International
Legal Terms
  • Terms and Conditions
  • Privacy and Cookie Policy
Stay in touch
  • Advertise with us
  • Contact our Editorial team
  • Partnerships & WorldWide Program
NetMedia International :
  • Germany
  • France
  • Portugal
  • Spain
  • United Kingdom
  • WorldWide
↑
NetMedia International © Copyright 2024 All rights reserved. Part of NetMedia International. About NetMedia International