It's been confirmed that O2 customer data has been found for sale on the dark web. Experts believe the data came from a hack several years ago of a gaming website called XSplit.
The log-in details were stolen from XSplit and were then matched with a number of O2 accounts, allowing the hackers access to customers’ personal information. This is known as credential stuffing.
Despite being told not to, a large percentage of online users reuse the same login details for numerous sites, making them especially vulnerable to having their data hacked. The hackers accessed customers’ personal information such as phone numbers, emails, and dates of birth. This is all personal information that can be used for fraudulent purposes.
O2 claims they have not suffered a data breach
O2 has stressed that it has not suffered a data breach and that credential stuffing is a common challenge many businesses face, resulting in a large number of their customers’ personal information being sold on the dark web. O2 have said that they ‘take fraud and security seriously and believe if customers are at risk from fraud we inform them so they can take steps to protect themselves’.
The O2 customers whose account details were being sold on the dark web have reportedly been informed.
The dangers of password reuse
We are continuously warned about not reusing passwords, and this case highlights this common and ongoing problem. As so much of our lives takes place online, it’s easy to fall into the trap of reusing logins and passwords. If we continue to do this, hackers have a better chance of taking advantage.
People need to do more in order to protect their personal data.
The need to protect yourself
There are a variety of ways in which data can be hacked, so it is important that you use different passwords and take steps to protect your personal information.
We have written previous posts about ways in which you can protect yourself online by limiting the amount of personal information you put online.
A potential claim?
As O2 claim they have not actually been hacked, it could prove difficult to claim from them for a data breach. In addition to that, hacks alone do not amount to definite claims, as it can depend on what measures an organisation took to protect data.