Over 2,000 British Gas customer logins released online
Thousands of British Gas customers have had their email addresses and passwords exposed online


Thousands of British Gas customers have been informed that their email addresses and passwords have been revealed online, though the company has denied that its systems have been breached.
Accounts that have been compromised arecurrently disabled, reportsBBC News, and the company has assured customers that no bank account details have been accessed. The login details could, however, be used to find out details such as names and addresses.
The email sent to customers who have been affected reads: "I can assure you there have been no breach of oursecure data storage systems, so non of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely.
"From our investigations, we are confident that the information which appeared online did not come from British Gas."
The email addresses and passwords appeared on document-sharing site Pastebin, but have since been removed. It has beentheorisedthat the details were not obtained via a hack on British Gas, but from another source which was then cross-referenced with users who used the same login details across multiple accounts.
Jason Hart, CTO data protection at Gemalto, said: "Today, people often opt for easy-to-guess passwords, write them down, orjeopardisethe security of multiple accounts by using the same password for online banking, email and social media. As people havemultipleidentities across their business and personal lives, if one account is breached, the likelihood is that all personas are at risk as well.
"Breaches are not a matter of "if" but "when". Companies should also move to a 'secure breach' approach that assumesbreachesare inevitable and place security directly on the data itself by using encryption. This effectively kills the data and renders it useless should it fall into the wrong hands."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The news follows ahack on TalkTalkwhich occurredlast week, which involved a "sustained" cyber attack resulting in the exposure of customer details such as names, addresses, dates of birth, email addresses, phone numbers and other account-related details.
"As we saw with the TalkTalk breach, the failure to encrypt data has potentially exposed thepersonal and financial data of thousands if not millions of customers," Hart added.
Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.
You can get in touch with Caroline via email at caroline.preece@futurenet.com.
-
Asus ZenScreen Fold OLED MQ17QH review
Reviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
By Sasha Muller
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto Networks
Case study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
By Rory Bathgate
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
By Ross Kelly
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
By Connor Jones
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
By Danny Bradbury
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
By Rene Millman
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform
By Praharsha Anand
-
Neiman Marcus data breach hits 4.6 million customers
News The breach took place last year, but details have only now come to light
By Rene Millman
-
Indiana notifies 750,000 after COVID-19 tracing data accessed
News The state is following up to ensure no information was transferred to bad actors
By Rene Millman
-
Pearson fined $1 million for downplaying severity of 2018 breach
News The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
By Rene Millman