Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Npower data breach: Credential stuffing attack forces app closure
#1
British energy provider Npower has suffered a data breach exposing customers’ financial and personal data, forcing the company to shut down its mobile app.
Compromised data includes customers’ date of birth, address, contact details, bank sort codes and last four digits of bank account numbers.
 
Hackers gained access to an unknown number of accounts by using login details stolen from other websites. In such ‘credential stuffing’ attacks, cybercriminals count on people reusing the same passwords across multiple websites and use software to automatically test passwords at scale.
 
“These are not advanced attacks and the risk can be significantly reduced if online users use unique passwords for each account,” said Adam Palmer, chief cybersecurity strategist at cybersecurity firm Tenable.
“For businesses, these attacks are also one of the reasons they must act quickly to notify consumers of a data breach so steps can be taken to change passwords or monitor accounts.”
Npower, one of the ‘big six’ energy firms, did not say how many customers were impacted by the breach.
 
In a statement, Npower said it had contacted affected customers and encouraged them to change their passwords. It said it has also offered advice “on how to prevent unauthorised access to their online account”.
 
Cybersecurity experts warned that the Npower data breach, first reported by MoneySavingExpert.com, increases the risk of fraud and phishing attacks against those affected.
Npower said it has notified the UK’s data regulator, the Information Commissioner’s Office, and Action Fraud.
 
“This is a huge lapse of security from Npower, which has put consumers at substantial risk, and it will now be down to the ICO to investigate to figure out whether they deserve a fine,” said Ray Walsh, digital privacy expert at ProPrivacy.
Jake Moore, cybersecurity specialist at internet security firm ESET, said: “Two-factor authentication is another great way to improve the security of accounts, so it is something Npower should consider to better protect their customers.
“In general, it is a good idea to remind people to implement 2FA across all of their accounts, making password stuffing attacks that much harder for cybercriminals.”


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack mrtrout 0 7,939 06-20-2023 , 09:05 PM
Last Post: mrtrout
  Hackers Breach University of Manchester; School Says Attackers Likely Copied Data mrtrout 0 983 06-12-2023 , 10:39 PM
Last Post: mrtrout
  TikTok denies security breach after hackers leak user data, source code tarekma7 0 2,100 09-06-2022 , 10:19 AM
Last Post: tarekma7
  Volvo Cars discloses security breach leading to R&D data theft mrtrout 0 868 12-11-2021 , 12:25 AM
Last Post: mrtrout
  T-Mobile Customers Sueing the Company Over Data Breach mrtrout 0 818 08-23-2021 , 10:41 PM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)