Cybercriminals are reportedly selling O2 customer data on the dark web, a fresh report has claimed.
According to BBC current affairs programme, the Victoria Derbyshire show, the hackers are logging onto O2 accounts via a process known as "credential stuffing", when the automated injection of breached username and password pairs are used to fraudulently gain access to user accounts.
The programme revealed the data was obtained using login details first stolen from gaming website XSplit three years ago. This personal data apparently includes names, phone numbers, date of birth, emails and passwords.
The dark web, or dark net, refers to a collection of websites that are publicly visible, but hide the IP addresses of the servers that run them so they can't be found using search engines. The encrypted network is notorious for hosting drug markets and child pornography.
O2 said it has reported the incident to police and is helping the inquiry, but has reassured its customers that it’s not the result of a direct data breach of its accounts.
“We have not suffered a data breach,” the firm said in a statement. “Credential stuffing is a challenge for businesses and can result in many company’s customer data being sold on the dark net. We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations.
“We act immediately if we are given evidence of personal credentials being taken from the Internet and used to try and compromise a customer’s account.”
Matthias Maier, security evangelist at Splunk, highlighted that the discovery shows how a single data breach can have a long ripple effect for many years after it has occurred.
“Once again, we see a situation where hackers have managed to re-use data from an older breach because users have recycled the same passwords. This shows how a single data breach can go on to impact other organisations,” he said.
“The challenge this highlights for businesses is the how employees or customers will unintentionally allow their credentials to be stolen or access hijacked. This has the potential to trigger security breaches and data leaks.”
The dark web is synonymous with the secretive world of whistleblower sites, illegal pornography and the Silk Road drugs marketplace. Things that, for reasons good and bad, people have chosen to keep hidden. This network – technically called Tor Hidden Services – is an encrypted part of the internet, where URLs are a string of meaningless numbers and letters that end in ".onion", accessed using a browser called Tor.
The software was built by the US Navy but is now open source. It allows people to browse the net without giving away their location, by encrypting the IP address and routing it through computers around the world that use the software. Tor can be used on the normal net but is also the route into this dark net of uncensored sites.
This article was originally published by WIRED UK
