Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Spark spots 21,000 customer logons in sweep of dark web

Friday, 21 September 2018

Internet users are being reminded not to share logons between different online services after Spark found 21,000 credentials that would unlock access to MySpark accounts among the billions of credentials circulating on the dark web.
Internet users are being reminded not to share logons between different online services after Spark found 21,000 credentials that would unlock access to MySpark accounts among the billions of credentials circulating on the dark web.

Spark has warned 21,000 customers that it has found email addresses and passwords for their MySpark accounts being passed around on the 'dark web'.

Spokeswoman Ellie Cross said Spark had not been hacked and had only spotted suspicious activity on fewer than 50 of the accounts.

The reason people's account details would have leaked online was because they had used their same email addresses and passwords for other online services that had been compromised in hacks on other companies in the past, she said.

It is not unusual for people to share logon credentials and then find them circulating on the web as a result of past, huge hacks.

**READ MORE:

* Ticketmaster warns NZ could be affected by data security breach

* Spark stores return to Mid and South Canterbury

* Spark completes Yahoo divorce**

Forbes magazine estimated last year that there were 1.4 billion such credentials circulating on the dark web in total, which could provide access to many billions of individual accounts for different online services.

Cross said the logins and passwords that would provide access to the 21,000 MySpark accounts were found among two lists 'one with billions of credentials, and one with millions of credentials'.

'This is part of a much wider issue that goes far beyond Spark,' she said.

Peter Bailey, general manager of Auckland cyber security company Aura, said Spark did not appear to have done anything wrong.

Instead, it was a good thing the company had searched for compromised credentials for its customers.

It was another 'wake-up call' for people to use different logins and passwords for each online service they used, he said.

Spark sent out an email to all of the 21,000 customers saying the company had detected suspicious activity on their accounts and telling them to reset their passwords.

But Cross said it had in fact only detected suspicious activity on fewer than 50 of the accounts, and Spark had no evidence MySpark accounts were being specifically targeted.

'We were keen for people to reset their passwords quickly so we sent out an automated email with that wording,' she said.

Cross defended giving people that scare. 'We think our priority is to protect our customers so we chose to send out an email promptly and then follow up with an explanation.'

MySpark accounts provide access to people's billing information, including their names and the phone numbers they have called, but do not provide access to people's emails.

Bailey said such information could be of value to hackers who might want to add personal information such as names and addresses to people's login credentials before onselling that as a package.

'The more complete data they have, the more money they can get for it.'

Cross said Spark had scanned the dark web for credentials that would provide access to MySpark accounts to help customers improve their security.

'It was a general, proactive sweep – part of a positive attempt to protect our customers.'

Bailey said people who found themselves on the list should change their password for all of the online services for which they had used it.