
Vodafone Joins TalkTalk to Suffer Security Breach of 1,827 Accounts

Sunday, November 1st, 2015 (7:26 am) - Score 763

Vodafone has said that their security is “fundamentally effective” after becoming the latest major UK telecoms operator, following TalkTalk, to be hit by a breach, which between 28th and 29th October 2015 resulted in 1,827 customers having their accounts accessed by cyber criminals.

Admittedly Vodafone’s situation is significantly different from TalkTalk’s. The latter’s website was exploited by hackers who discovered an SQL Injection vulnerability, while Vodafone states that the cyber thieves who got into their systems were able to use known login (email address) and password details that had been “acquired from an unknown source external to Vodafone“.

What Customer Details Have Been Exposed?

* The customer’s name
* Their mobile telephone number
* Their bank sort code
* The last 4 digits of their bank account (no credit or debit card numbers or details were obtained)

At this point we are assuming that Vodafone has ruled out the possible use of a brute force attack, which would attempt to identify the main login and password details by trying lots of common and random combinations in quick succession (this is usually made obvious via the server logs).

Instead Vodafone are able to claim that their “systems were not compromised or breached in any way” and their related “protocols were fundamentally effective,” although the login and password details still had to come from somewhere and on this front there is a clear lack of information. Some reports suggest that they were purchased on the so-called dark web, but that still doesn’t explain how they came to be there in the first place.
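To illustrate the difference in the server logs between brute force guessing and the reuse of already-known login details, here is an added example (not part of the original article and not Vodafone's tooling). The log format, the thresholds and every function name are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed log lines: 'timestamp source_ip login result'. Not real data."""
    lines = []
    for i in range(8):   # one source guessing many passwords for one account
        lines.append(f"2015-01-01T22:00:{i:02d} 198.51.100.7 alice@example.com FAIL")
    for i in range(8):   # one source trying one known pair per account
        result = "OK" if i % 4 == 0 else "FAIL"
        lines.append(f"2015-01-01T23:10:{i:02d} 203.0.113.9 user{i}@example.com {result}")
    # an ordinary customer: one typo, then a successful login
    lines.append("2015-01-02T08:00:00 192.0.2.20 bob@example.com FAIL")
    lines.append("2015-01-02T08:00:09 192.0.2.20 bob@example.com OK")
    return "\n".join(lines)

def group_by_source(log):
    """Return {source_ip: {login: [True/False per attempt]}}."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for line in log.strip().splitlines():
        _ts, ip, login, result = line.split()
        per_ip[ip][login].append(result == "OK")
    return per_ip

def classify_sources(log, min_attempts=6):
    """Label each source by the shape of its attempts (thresholds are assumptions)."""
    verdicts = {}
    for ip, logins in group_by_source(log).items():
        attempts = sum(len(results) for results in logins.values())
        per_account = attempts / len(logins)
        if attempts < min_attempts:
            verdicts[ip] = "normal"
        elif per_account >= 5:
            verdicts[ip] = "brute-force"          # many guesses at few accounts
        elif len(logins) >= 5 and per_account <= 2:
            verdicts[ip] = "credential-stuffing"  # many accounts, a try or two each
        else:
            verdicts[ip] = "review"
    return verdicts

def accounts_to_lock(log):
    """Accounts that logged in successfully from a flagged source."""
    verdicts = classify_sources(log)
    return sorted(login
                  for ip, logins in group_by_source(log).items()
                  if verdicts[ip] != "normal"
                  for login, results in logins.items() if any(results))

if __name__ == "__main__":
    log = build_sample_log()
    print(classify_sources(log))
    print(accounts_to_lock(log))
```

Reused credentials produce few failures per account, so per-account lockout counters alone will not flag them; the signal is the number of distinct accounts touched from one source.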

On top of that Vodafone says that the problem could have been worse had their own “investigation and mitigating actions” not been effective, which they say meant that “only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.” This suggests that the operator knows more than they’re currently able to say.

Vodafone Statement

The information obtained by the criminals can not be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.

These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details. We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers.

It is not necessary for customers to contact their bank directly to inform them of the incident. We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.

The operator has also notified both Ofcom and the Government’s Information Commissioner’s Office (ICO) of the breach. Meanwhile an investigation has been started by the National Crime Agency and related police forces.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, Facebook and Linkedin.
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved