View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

02 data for sale on dark web

No known breach but BBC finds data for sale, expert blames password reuse

By Vinod

O2 customer data is being sold on the dark net after cyber criminals used details stolen from a hacked gaming website to access O2 accounts.

The BBC's Victoria Derbyshire programme discovered the details for sale on the dark net.

The process is known as 'credential stuffing'. When a poorly secured database is hacked, the cyber criminal can gain access to lots of user names and logins.

These credentials are then inputted as pairs automatically into different user accounts to check whether they work. If these pairs are found to be valid, then the credentials can be sold on on the dark net where there exists a large market for this.

The data for sale included users' phone numbers, emails, passwords and dates of birth.

O2 itself has not suffered a breach.

In response to the news that some of O2’s customer data is being sold on the dark webMatthias Maier, Security Evangelist at Splunk said:  “Once again, we see a situation where hackers have managed to re-use data from an older breach because users have recycled the same passwords. This shows how a single data breach can go on to impact other organisations. The challenge this highlights for businesses is the how employees or customers will unintentionally allow their credentials to be stolen or access hijacked. This has the potential to trigger security breaches and data leaks. Recent research by IDC found that hapless users are a greater threat than malicious insiders. 27 per cent of businesses are worried about poor user security practices, compared to just 12 per cent of businesses who are worried about malicious insider threats. Businesses need to understand where the threat is coming from and what normal behaviour looks like in order to detect unusual activity, respond appropriately and secure themselves.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?











Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.