Hacked Npower accounts
phone app messaging call

Hacked Npower accounts

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

In late February, it was revealed that some customers of energy company Npower had suffered hacks of their accounts via the customer app that affected its users’ private data. The company has not put a number on the victims affected, but it is believed that the attack took place in early February, after which those affected were notified of their involvement. It is currently understood that Npower is not to blame for the hack, with no evidence that the company has breached data protection law. We will outline how the hacks happened in this article. Nevertheless, those with hacked Npower accounts are at immediate risk of fraud, with criminals targeting accounts to try to break into them as opposed to successfully breaking into Npower’s own servers and systems.

As advocates of data security, we believe it is important to highlight the risks Npower app users have been exposed to, even where the company is found to not be at fault for what has happened. Even if you have not been affected by the cyberattack, it still offers a valuable lesson about the risks of data exposure and the actions we can take as individuals to protect our personal data, and how criminals can target accounts to break into them.

Hack prompts Npower to close down app

Though the exact nature and scale of the attack have not been revealed, customers have been informed of the data that has been stolen from their hacked Npower accounts, which can include:

  • contact details;
  • dates of birth;
  • addresses;
  • contact preferences (whether customers prefer to be contacted by email, text or phone call);
  • partial bank account details, including sort codes and the last four digits of account.

Following the attack, Npower closed down the app and has chosen to keep it shut down, given that they were intending to deactivate it only weeks after the hack occurred in any event. This sensible course of action has hopefully helped to prevent more information misuse.

Hacked Npower accounts and the risks of reusing passwords

The ICO is investigating the issue over hacked accounts, but Npower has already identified the type of attack. The hackers used a technique called credential stuffing, which involves inputting login details, often exposed from other websites and accounts, to see if access can be granted where people re-use credentials on more than one site. As such, the breach highlights how important it is for consumers to use as many different passwords as they can across their online accounts.

We understand that this can be difficult, given that many of us have dozens of accounts with different companies, but you do not want to put yourself at risk of having all your accounts hacked simply because one password has been stolen or exposed. Those with hacked Npower accounts are now at risk of information misuse, and need to watch out for scam calls, phishing emails and unauthorised transactions on their accounts.

While you cannot entirely prevent risks such as this, it is important to make it more difficult for fraudsters to target you by making your passwords as secure as possible.

Taking action after a cyberattack

Anyone with hacked Npower accounts should take immediate action to secure their other accounts and passwords where necessary. In fact, credential stuffing is a common form of hacking technique which all of us should remain conscious of when setting up online accounts. Anyone who has fallen victim to this hack may well have their credentials already exposed and should check all their accounts and secure them with strong and unique credentials on each platform. Make use of multi-factor authentication and login event notifications too.

As advocates of data security, we have helped many claimants to recover compensation for breaches of data privacy. Where the law has been breached, this is can be a victim’s next step in taking action to ensure those responsible are held to account.

If you need advice on a potential compensation claim, call us today for free or register your details for a call-back.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon