Every day we seem to learn of a new attack on telcos and their customers. This time the victims are customers of Vodafone UK, though mercifully fewer were affected than in other recent cybercrimes. Vodafone reported that the online accounts of 1,827 customers had been accessed by criminals last week, using email addresses and passwords which were disseminated using the dark web.
By logging on to customer accounts, the criminals may have obtained some limited banking details for those customers. Vodafone has blocked the affected accounts, and notified banks about the increased risk of fraud.
Vodafone were keen to emphasize that their systems were not hacked.
This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.
Vodafone’s systems were not compromised or breached in any way.
The attack does raise a legitimate question about how the email addresses and passwords were compromised in the first place. Nevertheless, it appears that Vodafone have been prompt and effective in taking action and limiting the risk to customers.
Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.
No other customers need to be concerned, as the security of our customers’ data continues to be one of our highest priorities.
Victims were being contacted by Vodafone, and helped to change their online account details. Nevertheless, those affected will need to be wary of their personal information being misused, perhaps in the form of phishing scams.