Tuesday, 26 July 2016

On 03:46 by admin   No comments
O2 customer data is being sold by criminals on the dark net, the Victoria Derbyshire programme has learned.

The data was almost certainly obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log onto O2 accounts.

When the login details matched, the hackers could access O2 customer data in a process known as "credential stuffing".

O2 says it has reported the case to police, and is helping the inquiry.

It is highly likely that this technique will have been used to log onto other companies' accounts too.

The data for sale included users' phone numbers, emails, passwords and dates of birth.

It was shown to the BBC by an ethical hacker, who found the information listed for sale on a dark net market. The dark net is a part of the internet that is only visible to people using specialist web browsers, and is often used for illegal activity.

BBC reporters purchased a small sample of customer details from the seller to investigate further and contacted O2. Together, the investigating teams believed it was the result of credential stuffing.

0 comments:

Post a comment