IBT reports that purported O2 customer data is for sale on the dark net. But the while customer data does appear to be involved, the breach was not O2’s. As Warwick Ashford reports on ComputerWeekly:
O2 said its investigations into unauthorised access of some of its users’ accounts led to a reported data breach from the gaming website XSplit in 2013.
“We have not suffered a data breach,” an O2 spokesperson said.
Well, they did and they didn’t, from my perspective. Data were accessed from their system – but by people using login credentials acquired in another breach.
Still using the same login credentials across sites, folks?