Nearly 2,000 Vodafone UK customers’ accounts compromised, blocked
Customers of another UK telecom have had their information compromised by hackers, as Vodafone has explained that it was “subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October.”
“This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way,” the company said in a statement published Saturday.
It seems likely that the attackers were testing out login credentials compromised in another breach, trying to find those that have been reused by customers.
All in all, the accounts of 1,827 Vodafone customers were accessed, meaning that the hackers had access to the customers’ name, mobile phone number, their bank sort code, and the last 4 digits of their bank account, but not to credit or debit card numbers or details.
Those affected had their accounts temporarily blocked, and have been notified of the incident.
“It is not necessary for customers to contact their bank directly to inform them of the incident,” the company pointed out. “We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.”
As with the TalkTalk breach, the biggest danger to affected consumers is fraudsters using the stolen data to launch social engineering attacks via phone or email.
“The information obtained by the criminals can not be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts,” the company said, and admitted that “a handful of customers have been subject to attempts to use this data for fraudulent activity on their Vodafone accounts.”
According to The Mail on Sunday, login details for thousands of Vodafone accounts and that of customers of other UK telecoms are being sold on darknet markets. Whether or not they are the same compromised in this attack is unknown.