Npower, an energy provider owned by E.ON, one of the UK’s biggest energy providers, removed its app after it experienced a cyberattack in which users’ login data was stolen and used to access customer accounts.
Although the energy provider has not yet revealed how many customers were affected by the breach, it has been speculated that users’ contact information and some financial details may have been accessed, while MoneySavingExpert.com has said that full account numbers have not been taken.
Npower has said, “we identified suspicious cyber activity affecting the npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as credential stuffing.”