Straight on the back of the high-profile TalkTalk hack, it seems that Vodafone customers have also suffered an unwarranted intrusion, with around 2000 customer accounts illegally accessed. The attack took place over the weekend, though it was not a database breach, so this isn't a widespread issue that all customers on the network should be particularly worried about.
The owners of the accounts that were accessed seem to have fallen victim to a phishing scam. Vodafone insists that the criminals behind this attack has obtained passwords and email addresses from “an unknown source external to Vodafone”.
Vodafone noticed some odd activity on some accounts, with some being accessed on Wednesday at around midnight, with the process repeating late on Thursday. After this, Vodafone contacted the authorities so that an investigation could take place.
In a statement sent to The Guardian, a Vodafone spokesperson said: “Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved the customer’s name, their mobile telephone number, their bank sort code, the last four digits of their bank account. Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.”
This does leave those customers open to fraud or scam attempts. The customers affected have had their accounts cut off while Vodafone works with them to get their details changed.
KitGuru Says: Vodafone seems to have acted fairly quickly upon seeing fraudulent attempts to access customer accounts last week. The good news is, this wasn't the result of a larger breach but rather, some form of phishing scam that seems to have affected a few people on the network. Hopefully those that were affected can get this all straightened out and watch out for any further scam attempts in the future.