British Gas customers’ data posted online, 2,200 records exposed

Pierluigi Paganini October 30, 2015

Data belonging to 2,200 British Gas customers has been posted online; the company confirmed that it did not come from its systems.

Data belonging to thousands of British Gas customers has been posted online, and the company has already contacted 2,200 users to warn them about the data breach. The customers’ records leaked online include email addresses and account passwords; the account details were posted to the online text-sharing service Pastebin.

According to the BBC, British Gas customers have received an email message from the company that reads as follows:

“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely.” “From our investigations, we are confident that the information which appeared online did not come from British Gas.”

The message doesn’t explain the source of the stolen data, but the company confirmed that the data had not come from British Gas systems.

Security experts speculate that the account details belonging to the British Gas customers may originate from other data breaches, and that someone has tested them to access the company's accounts as well. Unfortunately, the majority of Internet users share the same credentials across multiple accounts on the web; it is enough to compromise one of them to steal their digital identities.

This morning I published another post that, citing sources at the Financial Times, reveals that the digital identities of tens of thousands of Britons are available for sale on the dark web, including data belonging to government personnel. Many experts speculate that this volume of data represents only the tip of the iceberg.

Experts from Symantec told the FT that details of over 600,000 customers were stolen from UK companies in 2014, and a significant portion is already available for sale in the criminal ecosystem.

Going back to the case of British Gas, the users’ records leaked online will be sent to the Information Commissioner’s Office following the leak.
In response to the incident, the company has temporarily disabled the affected accounts; customers who believe they may have been victims of the data breach need to contact the company.

It is a bad period for Britons; the incident follows the high-profile data breach at TalkTalk.

Pierluigi Paganini

(Security Affairs – British Gas, hacking)
