The details of 2,200 British Gas customers have been posted online. British Gas has confirmed that the data is genuine and has disabled the accounts, but denies that its systems have been breached.
James Maude, Senior Security Engineer at Avecto, said the leak could be related to other recent data breaches:
“The Centrica-owned company is confident that their customer data is secured and encrypted, which leaves the question: where did the data come from? As the data set which appeared on the document-sharing site Pastebin is relatively small, there is some speculation that this was the result of a phishing campaign trying to grab users’ credentials.
“One other possibility is that this is linked to other breaches; Avecto’s researchers often find stolen data from one breach being used to target other companies. For example, the attackers could take data from the TalkTalk breach and use stolen information or shared passwords to gain access to other sites and services. This is common practice now as it allows criminals to build a much more detailed profile of a victim in order to gain access to their bank accounts or steal their identity. Although a utility provider seems like an unlikely target, they may reveal financial information such as direct debit amounts used by banks to verify a customer. More worryingly, with the rise of smart meters, energy patterns may show when someone is not at home.”