Millions of mobile users at risk after Three customer database breach

Hackers have gained access to a database containing the personal details of up to six million customers of mobile carrier Three. A report in the Telegraph cites 'sources familiar with the incident', but while Three has confirmed a security breach took place, the company is yet to provide precise details.

What we do know is that the incident took place when hackers used employee login credentials to access the customer upgrade database. It is thought that the hackers gained accessed to customer names, addresses, phone numbers and dates of birth, but financial details were not exposed.

News of the breach will be of concern to Three customers, but it seems to have come about as a result of human error rather than an inherent problem with software or network security.

There is some comfort to be gleaned from the fact that payment information seems to have been kept safe, but when large amounts of personal information is scooped up, it opens up the opportunity for socially engineered attacks to gain more details.

Three reports that it has suffered a large number of handset thefts recently, with the hackers using the database to intercept orders. The stolen phones could then be sold on for profit, reports the Telegraph.

A spokesman for Three said:

Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.

We've been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity. The investigation is ongoing and we have taken a number of steps to further strengthen our controls. In order to commit this type of upgrade handset fraud, the perpetrators used authorized logins to Three's upgrade system. This upgrade system does not include any customer payment, card information or bank account information.

The National Crime Agency has already arrested three men on suspicion of computer misuse offenses and attempting to pervert the course of justice. All three have been bailed as the investigation continues.

If you are concerned that your data could have been accessed in the hack, you are advised to call Three on 333 from a Three phone, or on 0333 338 1001.

Image credit: mubus7 / Shutterstock.com