Criminals Access Vodafone Customer Accounts

Every day we seem to learn of a new attack on telcos and their customers. This time the victims are customers of Vodafone UK, though mercifully fewer were affected than in other recent cybercrimes. Vodafone reported that the online accounts of 1,827 customers had been accessed by criminals last week, using email addresses and passwords which were disseminated using the dark web.

By logging on to customer accounts, the criminals may have obtained some limited banking details for those customers. Vodafone has blocked the affected accounts, and notified banks about the increased risk of fraud.

Vodafone were keen to emphasize that their systems were not hacked.

This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.

Vodafone’s systems were not compromised or breached in any way.

The attack does raise a legitimate question about how the email addresses and passwords were compromised in the first place. Nevertheless, it appears that Vodafone have been prompt and effective in taking action and limiting the risk to customers.

Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.

No other customers need to be concerned, as the security of our customers’ data continues to be one of our highest priorities.

Victims were being contacted by Vodafone, and helped to change their online account details. Nevertheless, those affected will need to be wary of their personal information being misused, perhaps in the form of phishing scams.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.