Data belonging to thousands of British Gas customers have been posted online, the company has already contacted 2,200 users to warn them about the data breach. The customers’ records leaked online include email addresses and account passwords, the account details were posted to online text-sharing service Pastebin.
According to the BBC, the British Gas customers have received by the company an email message that reads as follows:
““I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely.””From our investigations, we are confident that the information which appeared online did not come from British Gas.”
The message doesn’t explain the source of the stolen data, but the company confirmed that the data had not come from British Gas systems.
Security experts speculate that account details belonging to the British Gas customers may have origin from other data breaches and someone has tested them also to access the company accounts. Unfortunately, the majority of Internet users for passwords share the same credentials across multiple accounts on the web, it is enough compromise one of them to steal their digital identities.
This morning I’ve published another post that citing sources at the Financial Times, reveals that digital identities of tens of thousands of Britons are available for sale on the darkweb, including data belonging to the government personnel. Many experts speculate that the volume of data represents only the tip of the iceberg.
Experts from Symantec firm told the FT that details on over 600,000 customers were stolen from UK companies in 2014, and a significant portion is already available for sale in the criminal ecosystem.
It is a bad period for Britons, the incident follows the clamorous data breach at TalkTalk.
(Security Affairs – British Gas, hacking)