Skip to main content

Just to put it out there that I’ve had a warning from my security program that I’ve had a data breach on my account with OVO.  Suggest people check their accounts, especially if they are in credit.

Please give a few more details: are you saying that your credentials (username and password) for account.ovoenergy.com have been leaked somewhere? Or that the password you’re using there has appeared in a list of leaked passwords? 

Meanwhile, for anyone alarmed by this, please visit Have I Been Pwned: Check if your email has been compromised in a data breach to see whether the email address you use for your OVO account has been found in any known data breach. The site is quite safe and trusted widely. Even if the email address is on one of the lists, your OVO account will still be safe so long as you use a unique password for it.

 


I’d also suggest that while you are at “haveibeenpwned” it’s a good idea to check your passwords as well as your email addresses:
https://haveibeenpwned.com/Passwords


@SBilly could I ask what “security program” this was that gave you the message?


As the resident cybersecurity guy of the team here, I’m also curious that you’ve had your Forum account since 2018… Yet you only make your first post now and it ends up being this?

Would you care to explain please? I’m just curious but it’s unusual behaviour.


for anyone alarmed by this, please visit Have I Been Pwned: Check if your email has been compromised in a data breach to see whether the email address you use for your OVO account has been found in any known data breach. The site is quite safe and trusted widely. Even if the email address is on one of the lists, your OVO account will still be safe so long as you use a unique password for it.

 

I have since been assured by OVO that my account is okay as it was old and the account has been discontinued.  The security program I use is Bit Defender and it checks password use and access as well as having a Web Detection breach module.  In this case it showed a password breach. 


Thanks for confirming.

In future, it’s probably better to route security issues via infosec@ovoenergy.com first rather than posting publicly. More info at https://ovoenergy.com/security . Please remember that OVO appreciates responsible disclosure that gives them a chance to review first.

Bitdefender is highly reputable and I use it myself. In actual fact, I’m known for helping them out now and again.

It’s more likely to flag weak passwords than strong ones and I suspect the one you used may have been found in a breach somewhere outside of OVO - this is intended behaviour and kinda proves that it works.


@Blastoise186….. I was pretty sure that my OVO account had been changed to Octopus in the energy company crisis.  However I take the warnings from my antivirus very seriously and as this was the first time I’ve had a warning like this I decided that as a precaution I should let ‘somebody’ know.  I don’t normally get involved with forums as I’ve been trolled in the past, but when I think people are at risk of losing money (people in credit) they should know…. Isn’t it the right thing to do?  But as this seems to offend you I shouldn’t have bothered.


It’s fine this time, but worth remembering for the future.

There are a lot of companies out there who may try to sue you for going public without telling them first. OVO probably won’t bat an eyelid over this one, but I can’t say the same about other places.


Just to note that the 2 links given above to haveibeenpwned will usually tell you just which data breach(es) the email/password has been in.

Unless there are too many to list. like this very weak password which has been seen in over 300 data breaches up to now:

 


Reply