Customer data from telecoms service provider O2 is available for sale on the Dark Web.
Cyber criminals have been selling phone numbers, emails, passwords and dates of birth of O2 customers on the internet.
Bury Free Press reports:
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
You can unsubscribe any time. By subscribing you agree to our Terms of Use
The data was almost certainly obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log onto O2 accounts, the BBC’s Victoria Derbyshire programme has learned.
When the login details matched, the hackers could access O2 customer data in a process known as “credential stuffing”.
O2 says it has reported the case to police, and is helping the inquiry.
It is highly likely that this technique will have been used to log onto other companies’ accounts too.
All the O2 account holders whose details the BBC has seen have been informed, with many saying they had used the same login for other online accounts.
O2 customer details have been sold on the dark net – this is me calling people to tell them https://t.co/jHwlpzsi5Ohttps://t.co/GiJHeVkGIS
— Catrin Nye (@CatrinNye) July 26, 2016
O2 said in a statement: “We have not suffered a data breach. Credential stuffing is a challenge for businesses and can result in many company’s customer data being sold on the dark net.
“We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.”
Edmondo Burr
CEO
Assistant Editor
Latest posts by Edmondo Burr (see all)
- Police Arrest Suspect In Supermarket Baby Food Poisoning - October 1, 2017
- Seoul Secures Data From Electromagnetic Interference By N Korea - September 30, 2017
- The ‘World’s First Internet War’ Has Begun: Julian Assange - September 30, 2017