British Gas has revealed that account login information and passwords belonging to over 2,000 of its customers were posted online recently. Some unanswered questions remain, however, as British Gas has been quick to reassure affected customers that its secure systems were not breached by hackers but it has also said that the information was not published by someone who works for British Gas. So where exactly did the data come from?
Industry commentators have suggested that the details were either gathered as the result of phishing attacks or were opportunist in that they had been obtained from another breach and the perpetrators checked to see that the same details worked for British Gas. It would seem clear that no payment information was at risk and that only limited customer details such as name, address and a possible view of past energy usage were visible. The details initially appeared on the site Pastebin before being promptly removed.
British Gas has 14.7 million customer accounts.