Energy firm Npower has closed down its app following an attack that exposed some customers’ financial and personal information. Contact details, birth dates, addresses, and partial bank account numbers are among the details believed stolen. The firm did not say how many accounts were affected by the breach, which was first reported by MoneySavingExpert.com.
But the affected accounts had been locked, Npower had said.
“We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as ‘credential stuffing’,” the firm said in a statement.