Three Suffers Data Breach As Hackers Steal Customer Data

A trio of men have been arrested in relation to unauthorised access to Three’s customer database

Three people have been arrested due to alleged involvement in a hack attack on mobile toperator Three, which saw them steal data relating to customers due for a phone upgrade.

The hackers were able to gain access to Three’s database containing some six million customers and swipe the names, addresses, phone numbers, and dates of birth of customers who were eligible for a smartphone upgrade.

Using these details, Three said the trio of data thieves were able to trick it into issuing eight handset upgrades.

The BBC reported that the National Crime Agency has revealed a 48-year-old man from Orpington, Kent, and a 39-year old man from Ashton-under-Lyne, Greater Manchester, were arrested in relation to the hack and computer misuse offences, while a third man, a 35-year old from Moston, Greater Manchester, was arrested on suspicion of attempting to pervert the course of justice.

Three hack

Hacker, cyber crime © Stokkete, Shutterstock 2014Three was forced to admit the hack has taken place, though has yet to explain how the hackers were able to breach its database.

“We’re aware of an attempted fraud issue regarding upgrade devices and are working with police and relevant authorities on the matter,” Three said.

“The objective was to steal high-end smartphones from Three but we’ve already put measures in place to stop the fraudulent activity. We’d like to reassure customers their financial details are not at risk. We’ll update with further info once we have this. At this stage only eight devices have been obtained illegally as part of the fraudulent upgrade activity.”

While the financial details of customers may not have been exposed by the data breach, having access to the names, addressed and birthdays of Three customers, meant the hackers could have used them to commit other types of fraud.  The arrest of the trio should go someway to curtail such activity while they are on bail.

While we contacted Three for more comment on the data breach, it has yet to respond, However, it would not be beyond the realms of expectation to suspect the breach is a result of an insider threat or login details being obtained from compromising the login credentials of Three worker, at least that is the theory of Ryan O’Leary, vice president of the threat research centre at WhitehHat Security.

“It appears that an employee has had their credentials compromised. This could have been caused a direct attack, where the attacker attempted to steal the credentials of a specific user, or by using compromised credentials from an entirely different data breach.,” he said.

“The simple truth is that people often use the same username and password combinations on a variety of different sites and systems. With the high number of password leak incidents recently, attackers will no doubt be trying to use compromised credentials on a variety of websites, to see if they work. Users must make sure they’re using different passwords on every site.”

This is the second data breach that has happened to a major telecoms provider this year, with TalkTalk making headlines after a hacker gained access to its customer database. While BT claims to have learnt from such an attack, Three appears to have lagged behind although the the attack it suffered came through a different vector than TalkTalk’s breach.

Can you protect your privacy online? Take our quiz!