The login details of more than 2,000 British Gas customers have been shared online, according to the BBC.
The British energy company has reportedly contacted 2,200 customers, although it claims that the details — shared on text-hosting site Pastebin — were not stolen from its servers.
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk,” the company said in an email to customers. “As you’d expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas.”
If not British Gas, where did it come from? It might be that be that a scammer (or scammers) tricked customers into disclosing their passwords and logins, and the information is a compiled list of them. Alternately, the BBC suggests the data could have come from a previous hack of another company, but people used the same passwords for both services — making their British Gas account vulnerable.
Whatever the source, it is alarming for customers — but relatively minor in the grand scheme of things. Just 2,200 out of British Gas’ 14.7 million accounts have potentially been compromised by the breach.
The news comes hot on the heels of a far more serious security issue — the hack of British broadband provider TalkTalk. The company was attacked last week, and it is warning that up to 4 million customers could be affected, with names, addresses and emails among the data potentially stolen.
Business Insider Emails & Alerts
Site highlights each day to your inbox.