The hack took place between midnight on Wednesday and mid-day on Thursday. A total of 1,827 accounts were hacked, details of which included email addresses, passwords and bank accounts with sort codes.
Vodafone reacted strongly, informing National Crime Agency (NCA), the Information Commissioner's Office and Ofcom about the hack as well as freezing the affected accounts. The operator has also asked customers to change their passwords at the earliest.
However, Vodafone claims that none of its security protocols were breached in the process and stressed that hackers had obtained the information from an external source.
TalkTalk accounts at risk after third cyber-attack in a year
“This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way,” said Vodafone.
“We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers’ data continues to one of our highest priorities,” they added.
Unlike the TalkTalk hack, hackers could not get their hands on credit or debit card information of customers this time. Investigation on the TalkTalk hack, which affected thousands of customers, is still ongoing and the Police have made three arrests so far.
Despite Vodafone working with Police and the National Crime Agency to unearth the culprits behind last week's hacking incident, no arrests have been made so far. However, Vodafone have not confirmed if the suspected hackers have been identified as yet.
LoopPay hacked but Samsung Pay 'safe'
At the same time, a separate cyber-attack targeted British Gas, with hackers carrying away login credentials of over 2,000 customers. If used, hackers can obtain names and addresses of these customers as well. However, like Vodafone, British Gas denied their systems were breached.
"I can assure you there have been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely.
"From our investigations, we are confident that the information which appeared online did not come from British Gas," they said.
Forget public Wi-Fi, your phone battery is helping hackers track you around
Hackers pasted the stolen login IDs and passwords in Pastebin, a popular data sharing website. British Gas has since blocked these accounts from being accessed.
This has so far been a troubled week for enterprises which store and encrypt confidential information belonging to thousands, perhaps millions, of subscribers. The frequency and scale of such cyber-attacks prove that encryption protocols aren't secure enough and that more attacks could follow in the coming days.
Over half a billion Samsung users affected as mobile keyboard bug gets hackers drooling
Vodafone brings inclusive roaming on £30 Big Value Bundle