British Gas has locked down the accounts of some 2,200 of its customers after details including usernames and passwords for them were posted online. The energy firm ensures the public that a breach has not happened at its end and that no payment details or information from unaffected accounts has been stolen. It did however urge everyone affected to update their information on the British Gas website and to do so elsewhere if any of that information was re-used at all.
While it is never good to see account details posted freely online, the worst that could have happened we’re told is some that viewed the information before the accounts could be locked would have been able to see people’s energy bills, names and addresses, which while not ideal, is far from the most dangerous data to be copied away. Part of the reason nothing more important was taken we’re told, was because British Gas uses obfuscating security.
“As you’d expect, we encrypt and store [important] information securely,” a company spokesperson said (via the BBC), in what almost sounds like a jab at companies like Talk Talk which were recently found to not be encrypting the most sensitive data.
British Gas is also said to have contacted potentially affected customers before confirming logins posted online were legitimate, so there is some potential for the number of accounts with revealed information to be smaller than the listed numbers.
However the details were discovered somehow, and if the British Gas site wasn’t breached in any way, it may be that these accounts were accessed by using account details garnered from a hack on some other service, where people had re-used the same login information.
Discuss on our Facebook page, HERE.
KitGuru Says: It wouldn’t be entirely surprising if the affected British Gas customers here were also TalkTalk customers. Are you guilty of re-using your login details on multiple services?