Early Saturday, Vodafone UK said that hackers successfully accessed customer accounts. It was the second such attack against a British telecom provider in October, this time affecting 1,827 customers.
Using data obtained outside of Vodafone’s systems, the perpetrators used email and password combinations to get into Vodafone’s customer portal. From there, they could get the customers’ bank sort codes, part of the bank account numbers, names and phone numbers.
If there is any good news to be found, it is in the fact that no credit or debit card numbers were compromised. The information that was gathered however, makes it easier to conduct fraudulent activity on the Vodafone accounts or target for phishing scams.
Vodafone is contacting the customers whose information was accessed and stated that other customers’ information is intact.
The previous attack in October was against Vodafone MVNO, TalkTalk, who saw about 20,000 customer records get breached. However, two teenagers believed to be tied to that incident have been arrested.
What this incident further illustrates is the need to not recycle common passwords across services you may use. The email/password combinations obtained from outside sources made an impressive dent in obtaining data, even it was a mere 1,800 out of Vodafone’s 450 million global subscribers.