Victoria Derbyshire programme found out that O2 customer data are being sold in the dark net. Customer data that includes usernames and passwords were first reported three years ago were stolen from gaming websites XSplit to log into O2 accounts by means of a technique called "credential shuffling".
Ethical hacker from Insinia Security Mike Godfrey found that data of O2 customers were for sale on a dark net market. Criminals use a software that repeatedly gain access to customers' accounts by using their login details, like in XSplit and sell them online once they retrieve these data.
Graham Cluley, another computer expert said that when customer data are hacked in an online website, criminals see if these stolen data could also use these data to unlock other online accounts. Furthermore, all of the owners of the O2 accounts found and sold online said that they had used the same login information for their other online accounts.
Among these O2 users is Hasnain Shaw, from Chester who said that his data had already been used elsewhere to access more accounts. He said that he was away from home when eBay contacted him to inform that there were some suspicious activities in his account. He then found out that there were car advertisements posted under his eBay account.
Gumtree also informed him through email that his accounts were used for the same car advertisements found in his account in eBay.
O2, in their defense said that they have not suffered from data breach and that credential shuffling a common hacking technique experienced by any online business. They also said that they have reported the incident to the proper authorities and that the police have pledged their commitment in dealing with this matter involving data theft.
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?