Dutch Energy Supplier Blames Cyber Intrusion on Data Breaches Suffered by Other Companies

Filip TRUȚĂ

January 15, 2021

Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach.

Eneco, a producer and supplier of natural gas, electricity and heat in the Netherlands, serves more than 2 million business and residential customers.

In a recent statement, the company said that “cyber criminals have used email addresses and passwords from previous thefts at other websites to gain access to approximately 1,700 private and small business My Eneco accounts, the online environment for Eneco customers.”

It claims affected customers may have had their data “viewed and possibly changed by third parties,” but doesn't go into detail about the nature of the data, nor does it mention that attackers may use it to conduct phishing campaigns or fraud – which is typically the case in such attacks.

The company adds that “affected customers have been notified and must create a new account with a different password.”

“We are investigating whether we can also take additional measures to further secure logging in to My Eneco,” adds the notice, obtained by Databreaches.net.

All affected customers have been sent an email with instructions on how to create a new My Eneco account.

A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution.” Eneco claims that, for this group, there is no reason to assume that their accounts have been viewed. However, because these customers also used the service around the time of the breach, “they are advised to change their password as a precaution.”

The company seems to be taking little responsibility for the incident, despite suffering what appears to be a textbook credential-stuffing attack.

Furthermore, it seems to place the burden on users to create a new account and password when it should have automatically reset all affected users' passwords as soon as it learned of the intrusion, as a first step towards severing the attackers' access to their profiles.

The attackers apparently used a classic credential-stuffing technique, leveraging stolen data from previous breaches, meaning such an attack could have been prevented simply by enforcing multi-factor authentication for customer accounts.

To its credit, the firm swiftly reported the incident to the Dutch Data Protection Authority and is now informing all customers through various channels of the importance of good password hygiene, “so that such attacks can be prevented even better in the future, both at Eneco and other online accounts,” it says.
