Burned: British Gas customer info hits Pastebin

British Gas has 'fessed up that customer data posted to Pastebin was genuine, but believes payment details were not exposed. The BBC says it's seen an e-mail sent to customers about the privacy breach, which the energy company says was not due to a breach of its own systems. “I can assure you there has been no breach of our …

  1. Haku

    Has someone told Sid?

    1. Anonymous Coward

      S.I.D

      Stupidly

      Insecure

      Database.

    2. Aqua Marina

      Has someone told Sid?

      No, but if you see Sid, will you tell him?

  2. Your alien overlord - fear me

    Possibly customers who left another gas company and went back to British Gas. Revenge best served at Gas Mark 4.

  3. Anonymous Coward

    British Gas - We're that good that somebody breached someone else's network and we know exactly how many records they got of ours and exactly what they got. Also we gave copies of Bills to TalkTalk so it's their fault.

    In an alternate universe British Gas got done completely but only think 2,200 customers will complain.

  4. Dan 55 Silver badge

    BBC says... "Affected users are being asked to make contact by phone or to securely reset their passwords via the company's website."

    Will phone contact walk them through removing any keyloggers from their computer, changing their email password, and then changing their BG password to something else?

    Password reset, doubt that'll work for people who use the same password for everything, which apparently is how this list was compiled... Their email's still probably pwnd.

    How on earth do you solve this problem for people who don't give a toss? Maybe BG shouldn't let them have online accounts.

    1. Badvok

      "How on earth do you solve this problem for people who don't give a toss? Maybe BG shouldn't let them have online accounts."

      What? Just because I really, really don't give a toss who knows how much my Gas / Electricity bill is I shouldn't be allowed to have an online account?

      Note: no bank account or card details are accessible via online BG account but a hacker could of course add their own card and pay my bill for me :)

      1. Dan 55 Silver badge

        But before they had an email address and a password and afterwards they have an email address, email password, BG password, full address, DOB, and utility bills. See why it's a problem?

        1. Badvok

          "But before they had an email address and a password and afterwards they have an email address, email password, BG password, full address, DOB, and utility bills. See why it's a problem?"

          Nope, not giving a toss about protecting online BG info is not the same as being dumb enough to use the same password for important things, so no they wouldn't get email password. And all the rest is freely available public information anyway. And any organisation that accepts a printed utility bill as proof of anything these days is just asking for trouble.

          1. Dan 55 Silver badge
            WTF?

            Well I rather thought it was the same, but thank you for telling me what I originally should have said.

  5. This post has been deleted by its author

  6. Alan Brown Silver badge

    2200 on pastebin

    does not mean 2200 in total.

  7. Doctor_Wibble
    Flame

    Stop doing stuff online

    It's the only way to be sure, and if this latest incident helps drive home the message that we need to get over our dependency on this silly internet fad, then so much the better.

    We need to keep the paper and postal industries going, and the meter readers need to be kept busy, and don't tell me that getting rid of these things has miraculously made our utilities cheaper because we all know they sodding well haven't. Wait no, surely I'm wrong, obviously when the utility companies told us they had to cut costs, they were all in extreme financial difficulty, I distinctly recall all those years of heavy losses they were reporting, I didn't misremember, surely? Or was I thinking of all those price reductions we were going to get?

    Yeah, digression. Whatever. Sometimes it's good to whinge. Even if I'm probably wrong on some of it.

    Wait, 2200? So they only published half?

  8. Little Mouse

    "Information leaked ... would have included past bills"

    Bills? Those things that Banks et al will accept as proof of address, as supporting proof of identity, etc? Those things that can include a metric ton of personal info?

    Ouch.

    1. mm0zct

      Re: "Information leaked ... would have included past bills"

      The banks only accept bills printed by the company and posted to you, not self-printed ones. I learned this after much palaver trying to open a new joint account with my partner. The only thing in the end they would take is the council tax bill for this year (or an HMRC tax letter dated within a few months), because we have everything else paperless. House insurance on the property doesn't count even, nor did the fact I bought said flat through the same bank! (Mortgage and current accounts are completely separate, how ridiculous that the bank won't believe you live at the house you bought with them?)

  9. Anonymous Coward

    "As you'd expect, we encrypt and store this information securely."

    I would expect that, yes! I expected that of Talk Talk as well though.

  10. Anonymous Coward

    Slightly on a tangent...

    Has the national media started crapping its pants?

    Not a single article I've found has had the balls to link to the pastebin dump.

    Surely it's in the public interest to know where the dump is and be able to check for themselves if they're on it.

    C'mon Reg, you've got bigger balls than this. Are you a public service or a bunch of gloating hacks?

    1. Doctor Syntax Silver badge

      Re: Slightly on a tangent...

      "Not a single article I've found has had the balls to link to the pastebin dump."

      Did you read the Beeb article that says the dump has been removed? It's my guess that that might be why there are no links to it.

      1. Anonymous Coward

        Re: Slightly on a tangent...

        I don't read socialist propaganda.

  11. Creamy-G00dness

    So British Gas gets to wash their hands completely??

    Why the hell have they given customers' information to someone else? Surely they are still responsible for the breach if they did not vet the company that they gave/sold this information to properly.

    Is it me or does this look like yet another corporate side step? All we need now is a raft of "we don't know" quotes.......go give em a hand Talk Talk.

  12. hi_robb

    Hmmm

    I'm hoping someone logs in to my account and pays my extortionate energy bill.

    Then again, the hackers aren't that rich...

    D

    1. Anonymous Coward

      Re: Hmmm

      You must not have read this article: http://www.theregister.co.uk/2015/08/14/ukrainian_securities_fraud_hack/

  13. Anonymous Coward

    Looks like they sold their customer contact data to a marketing company who have been a little careless.

  14. Pascal Monett Silver badge
    Trollface

    We need to have a running total

    We need a website that responsibly discloses these incidents in detail, showing the current total and the history of how we got there.

    Then we can arrange betting pools on who will be next, how many will be impacted, what the total will be at the end of a given period, etc...

    Because anything goes these days, right ?
