Tens of thousands of German users affected
Hackers steal customer data from electricity provider Tibber
November 13, 2024 - 1:37 p.mReading time: 2 min.
The electricity provider Tibber has become the target of hackers. The criminals stole the company’s customer data and are now selling it on the dark web.
In a hacker attack on the Norwegian electricity company Tibber, around 50,000 German customer data was stolen. The company announced this. Accordingly, email addresses and user names of the affected customers were stolen.
“Passwords, payment, birth or electricity consumption data or exact addresses are not affected by the attack,” it said. Data from electricity contracts are also not affected.
“We immediately began investigating the incident and reported it to the Berlin police,” said Merlin Lauenburg, Tibber’s Germany boss. The company is working with authorities and security experts to clarify the incident. Tibber keeps his customers up to date on the current status of the investigation.
As the IT magazine “heise online” reports, the hackers are already offering their loot on the Darknet. “Since November 11th, a data set entitled ‘Tibber Data Breach – Leaked, Download’ has been available on a popular darknet forum,” it says. Some example lines included names, email addresses, order amounts, and incomplete address information.
According to Tibber, the hacker attack took place on a subsystem of the Tibber Store. The electricity provider sells so-called smart energy hardware such as charging boxes, home storage and smart lamps via the online shop.
Tibber says it helps its customers save electricity and at the same time contribute to the energy transition. To do this, the company buys the energy on the electricity exchange and passes it on to users – plus fees and charges – without a profit margin.
Tibber generates sales mainly through a monthly basic fee and sales of smart devices via its online shop.
Interview Between Time.news Editor and Cybersecurity Expert
Editor: Welcome to Time.news! Today, we’re diving into a critical issue affecting tens of thousands of German users following a cyberattack on the Norwegian electricity provider, Tibber. With us is Dr. Anna Müller, a renowned cybersecurity expert. Thank you for being here, Anna.
Dr. Müller: Thank you for having me. It’s an important topic that deserves attention.
Editor: Let’s get straight to the point. Tibber recently reported that hackers stole around 50,000 email addresses and usernames. How concerning is this type of data breach?
Dr. Müller: While the stolen data in this case seems limited to email addresses and usernames, which are less sensitive than financial or personal information, the consequences can still be significant. This type of information can be leveraged for phishing attacks or identity theft.
Editor: That’s a good point. You mentioned phishing. Can you elaborate on what that entails and how users can protect themselves?
Dr. Müller: Certainly. Phishing is when attackers impersonate legitimate organizations to trick individuals into revealing sensitive information, such as passwords or financial details. Users can protect themselves by being vigilant—checking the sender’s email address, looking for spelling errors, and never clicking on suspicious links.
Editor: In this case, Tibber emphasized that passwords, payment details, and even specific information like electricity consumption data weren’t affected. How does this change the dynamic of the breach?
Dr. Müller: It’s a relief that more sensitive data wasn’t compromised. However, the breach still raises concerns about user trust and the potential for spamming. The real issue is how companies handle customer data and the steps they take to prevent such breaches.
Editor: Speaking of which, what measures should companies like Tibber implement to enhance their cybersecurity defenses?
Dr. Müller: There are several critical steps. First, regular security audits and vulnerability assessments are vital. Second, implementing multi-factor authentication can drastically reduce the risk of unauthorized access. Third, educating employees about security best practices can further safeguard customer data.
Editor: These are insightful recommendations. Now, as we move forward, what advice would you give to users who might feel uneasy about their data?
Dr. Müller: I would advise users to stay informed about potential breaches in services they use. They should consider changing passwords regularly, enabling two-factor authentication where possible, and monitoring their accounts for any suspicious activity.
Editor: Thank you, Anna. Your insights shed light on a concerning issue and provide valuable advice for both users and companies. As always, awareness is key in the fight against cyber threats.
Dr. Müller: Thank you for the opportunity to discuss this important subject!
Editor: Thank you to our audience for tuning in. Stay safe online, and remember to stay alert!