BBC News is reporting that British Gas has contacted some 2,200 customers after finding their passwords and email addresses posted anonymously online on the document-sharing site Pastebin.
But don’t be too quick to reach for your pitchforks and cheesewires just yet, because British Gas’s IT security team may not deserve to be hung up from the lampposts.
According to the report, British Gas appears to be pretty emphatic in its email to affected customers that it has *not* suffered a security breach, and that it does not believe the data originated with them:
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas.”
Instead, it seems the finger of blame is being pointed either at customers reusing the same password in multiple places on the net, or at a couple of thousand customers falling for a phishing attack.
There definitely is a huge problem with many people using the same password for multiple places. The fundamental flaw with that approach is that if malicious hackers manage to steal your password in one place, you can be pretty sure that they will then try to see if it will also work against your email address, your eBay account, and who knows where else…
Password reuse is a huge problem. In fact, I would argue that it is a bigger problem than choosing dumb, obvious passwords.
So, the sensible approach is to use different passwords for every online account you have. And if, like me, you think you will never be able to remember all those complex, unique passwords – well, get yourself a password manager program to do the hard work for you.
Of course, things aren’t helped much by British Gas’s aversion to password managers.
You can see what I have to say about the British Gas incident, and hear more about my advice for computer users, in my latest YouTube video.