Data belonging to 2,200 British Gas customers have been posted online; the company confirmed that the data did not come from its systems.
Data belonging to thousands of British Gas customers have been posted online, and the company has already contacted 2,200 users to warn them about the data breach. The customer records leaked online include email addresses and account passwords; the account details were posted to the online text-sharing service Pastebin.
According to the BBC, British Gas customers have received an email message from the company that reads as follows:
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely.” “From our investigations, we are confident that the information which appeared online did not come from British Gas.”
The message doesn’t explain the source of the stolen data, but the company confirmed that the data had not come from British Gas systems.
Security experts speculate that the account details belonging to the British Gas customers may have originated from other data breaches, and that someone also tested them to access the company's accounts. Unfortunately, the majority of Internet users share the same credentials across multiple accounts on the web, so compromising one of them is enough to steal their digital identities.
This morning I published another post that, citing sources at the Financial Times, reveals that the digital identities of tens of thousands of Britons are available for sale on the darkweb, including data belonging to government personnel. Many experts speculate that the volume of data represents only the tip of the iceberg.
Experts from Symantec told the FT that details on over 600,000 customers were stolen from UK companies in 2014, and a significant portion is already available for sale in the criminal ecosystem.
Going back to the British Gas case, the user records leaked online will be sent to the Information Commissioner’s Office following the leak.
In response to the incident, the company has temporarily disabled the affected accounts; customers who believe they may have been victims of the data breach need to contact the company.
It is a bad period for Britons: the incident follows the high-profile data breach at TalkTalk.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".