Hackers sold the information of tens of thousands of O2 bank clients on the dark web.
Data available included names, addresses, telephone numbers, passwords and emails.
Cybercriminals also offered credit and debit card information, card safety codes, bank information and IP addresses. It’s believed thousands of customers might have been at risk before O2 blocked the phishing attempt last month.
Cell phone customers were targeted with SMS messages falsely asserting their cards were refused and asking them to click a link to verify their details.
This led to a phishing website where the victims were asked to enter their personal details, not realizing it was a scam.
The information was subsequently sold on the dark web to other offenders using it to loot bank accounts and go on spending sprees. It’s not the first time hackers target O2 customers.
In 2016, hackers used data stolen by the XSplit gaming website to get O2 accounts.
O2 said: “We block illegal website links such as this, calling clients who click on the link.
“We urge everyone to be cautious.”