Mobile customer accounts of Three UK are being mixed up as bizarre new breaches are reported on customers. Customers are reporting being presented with other people's details as they log in with their own credentials.
One customer, speaking to the Guardian Newspaper called it a “shocking breach of data privacy” after receiving a call from a stranger who told him she had discovered his information upon logging into her account.
It is not known how many customers are being affected by this breach, but a Three UK spokesperson told press that the company is “aware of a small number of customers who may have been able to view the mobile account details of other three users using My3”. The spokesperson added that no financial details were exposed.
Thats a red herring, Chris Hodson, EMEA CISO at Zscaler told SC Media UK: “Reassuring customers that no financial details were exposed is irrelevant. If users are able to see other customers' bills, then there's a totally feasible scenario where one user could ask for a replacement sim based on the billing details, get a replacement phone and reset passwords for major accounts – including banking. This has real implications for identity fraud. ”
News of this breach comes just months after another breach was reported on Three Mobile. The data of six million customers was stolen in November 2016, after hackers used employee credentials to get into the company's upgrade database.
“Three will have some tough questions to answer, such as why their customer data wasn't consequently watertight and 100 percent secure,” David Navin, corporate security specialist at Smoothwall told SC Media UK.The company can “expect disgruntled customers to leave following this latest data hack,” recalling the hundred thousand customers that left TalkTalk in the wake of its 2015 breach. With over nine million customers in the UK, added Navin, “and a seemingly penetrable security bubble, hackers will be rubbing their hands at the prospect unless drastic changes are made.”