Tuesday, 26 July 2016

O2 denies hacking breach as customer data emerges on the dark web

Hackers have listed purported O2 customer data for sale on the dark web. The data was reportedly first stolen from a gaming site in November 2013, which was later used by the hackers to access O2 customer data. The personal data on sale on the dark web includes names, phone numbers, date of birth, emails and passwords.

An O2 statement said: “We have not suffered a data breach. We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.”

The stolen username and passwords came from a gaming website called XSplit, which the hackers then used to match to O2 accounts. On successfully matching login details, the cybercriminals could then access O2 customer data. This process is called “credential stuffing” and is commonly used by cybercriminals of varying skills to conduct different kinds of cyberattacks.

O2 said: “Credential stuffing is a challenge for businesses. We act immediately if we are given evidence of personal credentials being taken from the internet and used to try and compromise a customer’s account. We take fraud and security seriously and if we believe a customer is at risk from fraud we inform them so they can take steps to protect themselves.” For the full article click here 



from hacker samurai http://ift.tt/29WVWhO
via IFTTT

No comments:

Post a Comment