We've updated our Privacy and Cookies Policy
We've made some important changes to our Privacy and Cookies Policy and we want you to know what this means for you and your data.
Great Western Railway accounts breached
A British rail operator has reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them.
Great Western Railway said that about 1,000 of its passengers' details had been exposed.
The business - which runs trains between London, Penzance and Worcester - is part of the transport operator FirstGroup.
It said all bank information had been protected by encryption.
"We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week," a spokesman told the 大象传媒.
"While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.
"The success rate of the automated logins was extremely low, suggesting any passwords used were likely harvested elsewhere," the company added.
The firm added that the decision to reset all customer accounts had been taken as a precautionary step.
Some recipients of the alert had questioned if it was real, as the email address it had been sent from seemed unusual.
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter and before accepting. To view this content choose 'accept and continue'.
End of Twitter content
One cyber-security expert said the incident served as a reminder that people should use a different, complex password for each online service they used.
"In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web," commented Rashmi Knowles from RSA Security.
"Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts.
"I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials," said Ms Knowles.
Top Stories
More to explore
Most read
Content is not available