CeX data hack hits two million UK accounts
It’s that time again when we reset the imaginary internet sign to read “0 days without a UK data breach.” CeX has broken our run of good fortune, revealing in an email sent out late last night that nearly two million customers had had their data leaked in a hack attack.
Personal details including first name, surname, address, email address and phone number have been accessed – and in some cases, passwords were also lifted. The company explained that these were hashed, but adds that weak passwords could still be broken, and advises customers to change their login details at the earliest opportunity. Though the company stopped short of forcing a password change on everyone, despite some pressure to do so via Twitter:
Credit and debit card information was also lifted from the site, but as CeX stopped taking that information in 2009, the company believes that any cards left on the system have long-since expired. As this is an online security breach, cards used in brick-and-mortar stores were not impacted.
“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats”, reads an answer in the data breach FAQ on the CeX website. “Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”
The good news is that if this is the first you’re hearing of a CeX hack, then you’re likely unaffected. The company revealed that only impacted accounts were emailed. “If you do not receive an email, your account is not affected,” the statement reads.
If you’re concerned as to whether your email address and password have been included in a data breach, it’s worth setting up email alerts on the likes of Have I Been Pwned? Though, at the time of writing, details of the CeX hack don’t seem to have reached the site. Hopefully, it’s only a matter of time, though: