Yesterday, Great Western Railway sent a number of password reset email notifications to its customers, in response to it becoming aware of “unauthorised attempts to gain access to a small number of GWR.com accounts over the past week”. GWR customers have shared screen grabs of the email notification on Twitter.
GWR has since confirmed in interview that circa 1,000 accounts were affected.
Rashmi Knowles, EMEA Field CTO at RSA Security and expert in data protection and end-user security, implores customers to take heed of the advice from companies like GWR and reset their passwords – commented below.
Rashmi Knowles, Field CTO, EMEA at RSA Security:
“It is good to see Great Western Railway taking a proactive approach to helping customers stay safe online by flagging that some accounts have been accessed, even though GWR itself has not been hacked. In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web. Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts – I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials.
“This is why everyone should practice good cyber hygiene. If you know that one of your accounts has been compromised, and use the same username and password elsewhere, then update your other accounts immediately. More generally, with consumer breaches of this kind on the rise, you should never be using the same passwords for business and personal use. Targeting consumers is often a gateway into their place of work for hackers. By having separate passwords, you can minimise the chances of your employers being affected. Finally, users should opt in to two-factor authentication, where possible. For example, often you will see your bank asking for a fingerprint, voice scan or secondary password because we regularly see passwords failing to protect us adequately. By adding an extra layer of defence you can make things much harder for the bad guys.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.