Tibber Hacked: Customer Data Stolen and Sold on Dark Web

Hackers have breached the electricity provider Tibber, stealing customer data in an attack that has reportedly impacted over 50,000 individuals in Germany. The stolen information has already been listed for sale on the dark web, according to the company’s confirmation to heise security.

As of November 11, a file titled “Tibber Data Breach – Leaked, Download” has been made available on a prominent dark web forum. The leaked samples include names, email addresses, order amounts, and partial customer address details.

Subsequent verification confirmed the authenticity of the stolen data, which was indeed extracted from Tibber’s online store. However, company representatives clarified that payment details, electricity consumption data, full addresses, and customer passwords were not compromised.

Discrepancies remain regarding the scope of the breach. While the hackers claim to have accessed 243,000 data entries, Tibber insists that only 50,000 customers were affected. This disparity may be explained by duplicate records or the segmentation of data across multiple entries.

Following the incident, Tibber promptly initiated an internal investigation and notified the Berlin police. On November 13, affected users were informed of the breach. The company is now working closely with law enforcement and cybersecurity experts to uncover the full extent of the attack and to bolster its security measures.