O2 customer data sold to criminals on dark net, investigation finds
The data was almost certainly obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log on to O2 accounts, the BBC has learned.
When the login details matched, the hackers could access O2 customer data in a process known as 'credential stuffing'.
O2 has reported the case to police.
All affected O2 account holders have been informed.
Advertisement
Hide AdAdvertisement
Hide AdIn a statement, O2 said: "We have not suffered a data breach. Credential stuffing is a challenge for businesses and can result in many company's customer data being sold on the dark net.
"We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations."