Vodafone UK over the weekend revealed that nearly 2,000 customers have had their accounts accessed by an unauthorized party that may have led to the theft of sensitive information including the customer’s name, mobile number, bank sort code and the last four digits of their bank account.
The telecom said the unauthorized logins took place between midnight on Wednesday, October 28 and midday on Thursday, October 29. Upon discovery, Vodafone launched a comprehensive investigation into the matter and alerted the National Crime Agency, the ICO and Ofcom.
Vodafone maintains that the incident was driven by outsiders that somehow obtained the e-mail addresses and passwords of some of its users – 1,827 to be exact – and that no credit or debit card numbers or details were exposed. As such, Vodafone says its systems were not compromised or hacked in any way.
Where exactly the “hackers” got the login credentials is anyone’s guess. Odds are, they were skimmed from a separate breach with the attackers simply recycling those stolen credentials with the hope that some people were naïve enough to use the same username and password at multiple sites.
Vodafone added that the compromised accounts were blocked on Friday evening and that affected customers were contacted over the weekend. The telecom also reached out to the banks of impacted customers to alert them of the situation.
Image courtesy Business IT