British Gas has contacted the affected customers and assured them that its security system had not been breached and that none of their payment data had been put at risk.
The logins, which have since been removed from the website, gave users access to around 2,200 British Gas customers names, addresses and past energy bills. The company, owned by Centrica has disabled the affected accounts following the discovery. It has also asked its affected customers to contact the company or to securely reset their passwords through British Gass website.
It is not clear how the information was accessed if there was indeed no security breach at British Gas end. One possibility raised is that the customers could have been targeted by a phishing company and tricked into revealing their details.
Another way the information could have been obtained was through another data breach elsewhere and then the perpetrators checked to see if the customers used the same login details to access their British Gas accounts.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now