Energy firm Npower has closed down its app following an attack that exposed some customers’ financial and personal information. Contact details, birth dates, addresses, and partial bank account numbers are among the details believed stolen. The firm did not say how many accounts were affected by the breach, which was first reported by MoneySavingExpert.com.
Npower said the affected accounts had been locked.
“We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as ‘credential stuffing’,” the firm said in a statement.
Experts Comments
A data breach is often only the start of a series of privacy concerns for victims. According to Tenable Research's analysis of 730 publicly disclosed data breaches last year, 22 billion records were exposed. That's a lot of information that attackers can use to further their malicious activities. The attack against the Npower app is just the most recent example of cybercriminals using previously stolen or leaked consumer data to launch additional attacks.
Known as “credential
The Npower app breach shows that no matter how prepared a company thinks they are, cybercriminals will always try to get the upper hand by taking advantage of the weak spots you didn’t know you had. Contact details, birth dates, addresses and partial bank account numbers are believed to have been stolen which is worrying at the best of times, but especially during a pandemic where most employees are remote working.
The UK has been working from home for almost a year, which means the personal
It's unfortunate this breach has occurred but in terms of security for customers, individuals should always be attentive to their card transactions because fraudulent activity is likely after a significant breach like this.
Furthermore, most people today will have hundreds of online accounts and trying to create a unique, but memorable, password for them all is challenging. Password managers are helpful but two-factor authentication should ideally be something most sites offer today.
We all know it's easier to remember one style of password or one password for all of our accounts. However, cybercriminals are fully aware of this and use passwords stolen from other data breaches to access various user accounts. While phishing and other attack vectors involve more analysis and security measures, credential stuffing is something that we as individuals can fix ourselves.
There are free monitoring services available, like HaveIBeenPwned.com, where you can find out if your email
As we saw with this breach, credential stuffing attacks have the ability to cripple businesses’ digital engagement efforts. However, if there’s a silver lining here, it’s that this campaign targeted users in large numbers – it wasn’t particularly sophisticated, which likely made it easier to spot and address quickly. More challenging for businesses are targeted attacks that hijack the accounts of employees in order to move laterally throughout the organization. When malicious actors take over insider accounts, they can more easily hide their activity by blending in with everyday behaviours.
Following this attack, consumers should check services like HaveIBeenPwned to see if their logins have been breached and change their passwords across accounts. On the corporate front, the company is likely taking a close look at its internal activity as well to ensure they understand the full scope and vectors of this attack.
Dan Panesar, Director UK & Ireland, provides expert commentary for "dot your expert comments" at Information Security Buzz.