O2 suffers data breach with customers details sold on dark web.
Popular mobile network provider O2 are hitting the headlines this week, after Victoria Derbyshire’s BBC programme found that customer details were being sold on the dark web.
However it has been revealed that O2 haven’t suffered a data breach at all, but infact has had customers details stolen via gaming website XSplit following a data breach which happened 3 years ago.
O2 have released a statement stating that they haven’t suffered a data breach: We have not suffered a data breach.
Credential stuffing is a challenge for businesses and can result in many company's customer data being sold on the dark net. We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.
But what can the public and businesses do to counteract these issues?
Being aware of these threats and adopting good security practices certainly stands you in good stead, but encouraging customers and employees to follow these other simple steps can also help further alleviate any potential risks:
- Stop using the same password across multiple sites. Once a hacker has this information they have the ability to access all accounts linked with that same password. Lesson: Frequently use different passwords!
- Try associating your password with a memorable sentence such as: ‘The house I grew up in was 43 High Lane and I lived there for 19 years’ TfhiLiw43HLaiLtf19Y. This will result in a very personable, strong password, all you need to do is remember a simple sentence.
- Enable a two-step verification on as many accounts as you can, this provides another level of protection making it very difficult for hackers.
- Ensuring you deploy a robust firewall and security solution within your business will protect your organisation from any data breach risks.
And finally…act now! Remember this is not just a problem for O2 customers and you could be next.