Just a few days ago, British Gas warned an estimated 2200 of its customers that their information had been leaked and that it had been briefly shared on a text-sharing site (Pastebin). Just one of the most recent in a seeming onslaught of malicious hacks and data breaches in the UK and around the world, the British Gas breach doesn’t really stand out at first, but upon closer inspection it has a few very interesting characteristics.
First of all, though British Gas admits that its customers’ email addresses, passwords, and some information from their past energy bills had been leaked and published, they have been adamant that their security protocols have not been breached.
When a Breach Isn’t a Breach
This seems, at first, like an oxymoron. After all, how could that kind of information get out if there was no breach? However, British Gas says it encrypts all of its customers’ data, including passwords, email addresses, payment information, etc. The company claims that nothing beyond the email addresses and passwords was exposed, and points to the fact that no customer’s bank account information was affected as support for that claim.
The working theory is that the attackers obtained a list of matched usernames and passwords from another breach and then tried them against British Gas to find out which of the people on the list used the same password for multiple accounts. If that’s what happened, then about 2200 British Gas customers also use the same passwords across multiple accounts with multiple businesses.
If this is the case, then British Gas has not actually had a breach, but rather they’ve fallen victim to their own customers’ habits of reusing passwords across different accounts. So what does that mean for you?
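The pattern the theory describes, one source replaying a list of leaked credentials against many different accounts, is visible in a site's own login logs. The following Python is an added example, not code from the original article or from British Gas: it scans a constructed log sample, flags sources that tried many distinct accounts with a low success rate, and lists the accounts that accepted the replayed password, which are the ones needing a forced reset. The log format, thresholds and sample values are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (placeholder addresses and accounts, not real data).
SAMPLE_LOG = """\
2015-10-28T10:00:01Z ip=203.0.113.5 user=alice@example.com result=fail
2015-10-28T10:00:02Z ip=203.0.113.5 user=bob@example.com result=fail
2015-10-28T10:00:02Z ip=203.0.113.5 user=carol@example.com result=ok
2015-10-28T10:00:03Z ip=203.0.113.5 user=dave@example.com result=fail
2015-10-28T10:00:04Z ip=203.0.113.5 user=erin@example.com result=fail
2015-10-28T10:00:05Z ip=203.0.113.5 user=frank@example.com result=ok
2015-10-28T10:00:06Z ip=198.51.100.7 user=alice@example.com result=fail
2015-10-28T10:00:09Z ip=198.51.100.7 user=alice@example.com result=ok
2015-10-28T10:00:11Z ip=192.0.2.9 user=grace@example.com result=ok
"""

LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")

def parse_log(text):
    """Yield (ip, user, succeeded) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("result") == "ok"

def find_stuffing_sources(text, min_accounts=5, max_success_rate=0.5):
    """Flag sources that tried many distinct accounts and mostly failed.

    A user who forgot a password retries one account from one IP; a credential-
    stuffing run walks a list of many accounts from one source and succeeds only
    on the fraction whose owners reused a password elsewhere. Returns
    {ip: {"accounts": n, "success_rate": r, "reused": [accounts that logged in]}};
    the "reused" accounts are the ones that need a forced password reset.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "ok": 0, "users": set(), "hits": set()})
    for ip, user, succeeded in parse_log(text):
        s = per_ip[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if succeeded:
            s["ok"] += 1
            s["hits"].add(user)
    flagged = {}
    for ip, s in per_ip.items():
        rate = s["ok"] / s["attempts"]
        if len(s["users"]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {"accounts": len(s["users"]),
                           "success_rate": round(rate, 2),
                           "reused": sorted(s["hits"])}
    return flagged
```

The thresholds are deliberately loose for the tiny sample; on real traffic they should be tuned against a baseline of normal failed-login rates and combined with per-account lockout or step-up authentication rather than used alone.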
Avoiding Problems With Duplicate Passwords
This is a clear illustration of how reusing passwords can negatively affect your personal data security. It can also damage the perceived security of a large company: after all, how many people do you think will blame the customers whose data was breached for using duplicate passwords?
Essentially, though the British Gas breach happened through no real fault of British Gas, this incident should stand as a warning to companies. You may not be able to force your customers to use unique passwords, but you can implement stronger security measures.
For example, instead of using an email address you could have your customers create unique usernames. You could also require customers to update their passwords (and prohibit duplicates or passwords that are too similar to previous passwords) every few weeks or months. You might also add security questions or other measures to ensure that someone entering a username or email address and password is actually a customer and not a hacker attempting to breach your system.
Every data breach has at least one or two lessons that it can teach business owners and executives. In this case, it doesn’t matter whether your system was breached if your customers use another breached system and duplicate passwords. The more you learn from these situations, the more likely you’ll be to avoid breaches and to keep your customers’ data secure.