Another day, another high-profile brand issues a warning about personal data being compromised, after British Gas contacted 2,200 customers telling them that their email addresses, passwords and past energy bills have been published on a document-sharing site.
However, the company maintains that its systems have not been breached and that no payment data has been exposed.
The data has now been removed from the Pastebin site, and British Gas has disabled all the affected accounts on its site and asked customers to reset their passwords online.
The company said that the data posted on Pastebin had not come from British Gas. “As you’d expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas,” the company said in the email to customers.
Experts beleive the details may have been harvested in another breach and tested against British Gas’ website to see if they worked on there, too.
Holders of online accounts are constantly told to ensure that usernames and passwords are unique to each account; that way, if one is compromised, the others will remain secure.
British Gas has published guidelines on its website for staying safe online. The first point states: “It’s crucial to pick strong passwords that are different from each other for all your important accounts.”
Related stories
M&S customers exposed as website is hit by breach
TalkTalk chief hits back: we’re just the punchball
TalkTalk under fire as 4m customers hit by hack
ICO ‘enquires’ about Carphone hack