Npower has had to remove its app after login data was stolen to access customer accounts.
The energy provider, owned by E.ON – one of the UK’s big six energy suppliers – is yet to reveal how many people could have been affected by the cyber attack.
It is believed that personal contact details and partial financial information may have been obtained, according to MoneySavingExpert.com, although full account numbers appear not to have been taken.
Npower said it has alerted those who may have been affected and “immediately locked” their accounts.
“We identified suspicious cyber activity affecting the npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as credential stuffing,” the company said in a statement.
“We’ve contacted all affected customers to make them aware of the issue, encouraging them to change their passwords and advice on how to prevent unauthorised access to their online account.
“We immediately locked any online accounts that were potentially affected, blocked suspicious IP addresses and took down the npower app.”
The Information Commissioner’s Office (ICO) and Action Fraud have been informed of the incident.
Npower said the app was already set to be withdrawn as part of “existing wind-down plans”.
“Protecting customers’ security and data is our top priority and our robust defences helped us to identify this recent attack,” the firm added.
“It’s important we all continue to stay secure online and urge customers to avoid reusing the same password across multiple websites.”
The ICO confirmed it had been notified, saying: “Npower has made us aware of an incident affecting their app and we are making enquiries.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article