British Gas, a leading energy and home services provider in the U.K., has informed thousands of its customers that the email addresses and passwords they use to log on to the company’s website might have been stolen and leaked online, after what appears to be British Gas customer data was dumped on the Pastebin website.
Initial reports have estimated the number of compromised records at around 2200, although that is likely to shoot up as the investigation continues, since the cyber criminals might only be teasing those who are interested in buying the illegally leaked customer data.
The risk here is that the hackers who stole the email addresses and passwords could gain access to other online accounts of the affected customers, but only if these British Gas clients are in the habit of using the same password for multiple accounts.
That means pieces of personal information are at risk of falling into the hands of cyber crooks, and that is not far from taking place. By logging in to accounts that potentially share the same credentials as those used on the British Gas website, cyber criminals would be able to dig deeper into the privacy of the customers and steal additional information in a technique called data mining.
Data mining has outgrown the traditional method of manually logging in to one account after the other. Now, the technique can automate the process of extracting information from multiple accounts at the same time. Thankfully, if it is true, British Gas has promised that it has already blocked the potentially compromised accounts, which it believes have not yet been accessed by the bad guys.
But is it really believable that only 2200 accounts have been affected by this breach? For the record, British Gas has approximately 15 million clients. There are possibilities that can be glimpsed from this incident. First, it could be that the initial figure is only a come-on created by the hackers to lure more prospects into purchasing the data in bulk. So it only makes sense that the attackers leaked just a small portion of the treasure trove of email addresses and passwords. It’s a marketing strategy, so to speak.
However, British Gas is convinced that the data dumped on Pastebin does not belong to any of its customers. We can take that statement with a grain of salt, for the simple reason that the company does not wish its customers to panic, and in order to allay fears, the leaked data must be disavowed.
As we have constantly recommended, never use the same username and password across multiple online accounts, so that a breach of one account does not expose the others.