O2 customer data was found for sale on the dark web from a hack that reportedly took place several years ago. The data was supposedly obtained from gaming website XSplit.
Log-in details were stolen from XSplit, and were then matched with a number of O2 accounts, allowing the hackers access to customer’s personal information. This is known as credential stuffing.
As so many people are online and reuse the same usernames and passwords, even though we are told not to, this hack has made people vulnerable to further problems. The hacker’s accessed customer’s personal information such as phone numbers, emails, and their date of birth. You can read more on this story here.
Today, we’ll be looking at the industry’s reaction to the hack.
The O2 data hack and how the industry has reacted
The O2 data hack is yet another in one of the many data hacks that have taken place over the last few years. Here’s how the industry has reacted to the hack:
“This shows how a single data breach can go on to impact other organisations.”
“The challenge this highlights for businesses is the how employees or customers will unintentionally allow their credentials to be stolen or access hijacked.”
“Businesses need to understand where the threat is coming from and what normal behaviour looks like in order to detect unusual activity, respond appropriately and secure themselves.”
“The customers affected by breaches of this nature are those who recycle their passwords across multiple identities but it’s time that service provider stopped blaming their customers for what is grossly inadequate security.”
“It’s imperative that organisations now reject simple password authentication and adopt secure alternatives before consumers lose complete faith in the online service providers.”
“This hack highlights the fact that even the biggest brands, with the most advanced security, can be breached.”
“Another high-profile data breach such as this reminds us that our identities are increasingly becoming the target for many sophisticated hackers, today.”
“High-profile brands and businesses must implement and invest in two-factor and multi-factor authentication to safeguard data and maintain customer loyalty.”
“The O2 data leak must be a stark wake up call for businesses who continue to rely on traditional username and password authentication alone. We all know that using the same password/username credentials across multiple sites is a bad idea, yet it often still happens.”
“However, bad actors are taking advantage of this laissez faire attitude, trying stolen credentials not just on one site but a number, even employing botnet which automate the process.”
“Organisations must move away from the current reliance on a single point of authentication to multifactor, or even better, continuous authentication.”
“Well, the truth is, password management is still very much a critical element to an organisations security and risk management programs and one that many organisations are still struggling to get right.”
“In fact, many of the major security breaches that have occurred over the last couple of years – ones that have even impacted the most basic consumer – have all been password related.”
Source: www.itproportal.com/2016/07/26/o2-customer-data-leak-industry-reaction/