O2 customer data grab: Not-a-hack creds for sale on dark web

Are you a login-recycling gaming fan?


Hackers have gained access to customer data on UK telco O2 – and put it up for sale on the dark web.

The compromised data was likely obtained by using usernames and passwords stolen from gaming website XSplit three years ago in order to log onto O2 accounts.

When the login details matched, the hackers could access O2 customer data through a process known as "credential stuffing".

Password reuse fertilised dark web harvest

Hackers harvested all manner of sensitive data including dates of birth, phone numbers, emails, and passwords from O2 using the tactic, which ultimately relies on password reuse. The same password re-use problem exposes victims to attack on other third-party websites.

O2 – which stresses that it has not suffered a breach itself – has reported the case to police.

We have not suffered a data breach. Credential stuffing is a challenge for businesses and can result in many company’s customer data being sold on the dark net. We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.

We act immediately if we are given evidence of personal credentials being taken from the Internet and used to try and compromise a customer’s account. We take fraud and security seriously and if we believe a customer is at risk from fraud we inform them so they can take steps to protect themselves.

The incident underlines the dangers of password reuse, particularly among consumers.

Jon Geater, CTO, Thales e-Security, commented: "In today’s big-data fuelled world, with records such as usernames and passwords – which consumers often don’t change between websites – and email addresses, birthdates and phone-numbers also stolen – which consumers can't change – this type of simple breach is a goldmine for hackers.”

James Romer, chief security architect Europe, SecureAuth, added: “We all know that using the same password/username credentials across multiple sites is bad idea, yet it still happens far too often. Users have difficulty remembering different passwords for the multitude of needs of our online lives, so they default to using the same password over and over and it’s generally something simple. How many times has 1234 topped the most common password list?”

“However, bad actors are taking advantage of this laissez faire attitude, trying stolen credentials not just on one site but a number, even employing botnet which automate the process. Where the same credential combinations are repeatedly being used across a number of accounts, it’s the equivalent of a skeleton key to your online life,” Romer warned. ®

Similar topics


Other stories you might like

  • OpenID-based security features added to GitHub Actions as usage doubles

    Single-use tokens and reusable workflows explained at Universe event

    GitHub Universe GitHub Actions have new security based on OpenID, along with the ability to create reusable workflows, while usage has nearly doubled year on year, according to presentations at the Universe event.

    The Actions service was previewed three years ago at Universe 2018, and made generally available a year later. It was a huge feature, building automation into the GitHub platform for the first time (though rival GitLab already offered DevOps automation).

    It require compute resources, called runners, which can be GitHub-hosted or self-hosted. Actions are commands that execute on runners. Jobs are a sequence of steps that can be Actions or shell commands. Workflows are a set of jobs which can run in parallel or sequentially, with dependencies. For example, that deployment cannot take place unless build and test is successful. Actions make it relatively easy to set up continuous integration or continuous delivery, particularly since they are cloud-hosted and even a free plan offers 2,000 automation minutes per month, and more than that for public repositories.

    Continue reading
  • REvil gang member identified living luxury lifestyle in Russia, says German media

    Die Zeit: He's got a Beemer, a Bitcoin watch and a swimming pool

    German news outlets claim to have identified a member of the infamous REvil ransomware gang – who reportedly lives the life of Riley off his ill-gotten gains.

    The gang member, nicknamed Nikolay K by Die Zeit newspaper and the Bayerische Rundfunk radio station, reportedly owns a €70,000 watch with a Bitcoin address engraved on its face and rents yachts for €1,300 a day whenever he goes on holiday.

    "He seems to prefer T-shirts from Gucci, luxurious BMW sportscars and large sunglasses," reported Die Zeit, which partly identified him through social media videos posted by his wife.

    Continue reading
  • A Windows 11 tsunami? No, more of a ripple as Microsoft's latest OS hits 5% PC market

    Next version of Windows 10 looms around the corner

    Microsoft's Windows 11 OS has notched up a respectable near 5 per cent of PCs surveyed by AdDuplex, as another Dev Channel build was unleashed with new features for the favoured few.

    With less than a month of General Availability under its belt, Windows 11 now accounts for 4.8 per cent of "modern" PCs (Windows Insiders running the OS account for 0.3 per cent) according to the ad platform. The figure is up from the 1.3 per cent in September, which was Insider-only and points to some migration to the production version of the software.

    The figure is both an indicator of Microsoft's cautious approach to releasing its wares and the limited amount of hardware that can actually run the round-cornered OS.

    Continue reading

Biting the hand that feeds IT © 1998–2021