Solved

Why did I get warning from my security program that I’ve had a data breach on my account with OVO?

  • 23 March 2024
  • 9 replies
  • 184 views
SBilly
Rank

Just to put it out there that I’ve had a warning from my security program that I’ve had a data breach on my account with OVO.  Suggest people check their accounts, especially if they are in credit.

icon

Best answer by SBilly 25 March 2024, 11:28

View original
Time to save our kids world

9 replies

Firedog
Rank
Userlevel 7
Badge

Please give a few more details: are you saying that your credentials (username and password) for account.ovoenergy.com have been leaked somewhere? Or that the password you’re using there has appeared in a list of leaked passwords? 

Meanwhile, for anyone alarmed by this, please visit Have I Been Pwned: Check if your email has been compromised in a data breach to see whether the email address you use for your OVO account has been found in any known data breach. The site is quite safe and trusted widely. Even if the email address is on one of the lists, your OVO account will still be safe so long as you use a unique password for it.

 

Noel | I have no official status; I'm just a volunteer who comes here to help other customers. My gear: Aclara SGM 1416-B Electricity-only E7 meter; Chameleon IHD3-PPMID-AAA
Nukecad
Rank
Userlevel 6

I’d also suggest that while you are at “haveibeenpwned” it’s a good idea to check your passwords as well as your email addresses:
https://haveibeenpwned.com/Passwords

Today I have zero energy, I plan on going back to bed.
Nukecad
Rank
Userlevel 6

@SBilly could I ask what “security program” this was that gave you the message?

Today I have zero energy, I plan on going back to bed.
Blastoise186
Rank
Userlevel 7
Badge +1

As the resident cybersecurity guy of the team here, I’m also curious that you’ve had your Forum account since 2018… Yet you only make your first post now and it ends up being this?

Would you care to explain please? I’m just curious but it’s unusual behaviour.

Securing energy by zapping security bugs... For that is The Blastoise Way!
SBilly
Rank

for anyone alarmed by this, please visit Have I Been Pwned: Check if your email has been compromised in a data breach to see whether the email address you use for your OVO account has been found in any known data breach. The site is quite safe and trusted widely. Even if the email address is on one of the lists, your OVO account will still be safe so long as you use a unique password for it.

 

I have since been assured by OVO that my account is okay as it was old and the account has been discontinued.  The security program I use is Bit Defender and it checks password use and access as well as having a Web Detection breach module.  In this case it showed a password breach. 

Time to save our kids world
Blastoise186
Rank
Userlevel 7
Badge +1

Thanks for confirming.

In future, it’s probably better to route security issues via infosec@ovoenergy.com first rather than posting publicly. More info at https://ovoenergy.com/security . Please remember that OVO appreciates responsible disclosure that gives them a chance to review first.

Bitdefender is highly reputable and I use it myself. In actual fact, I’m known for helping them out now and again.

It’s more likely to flag weak passwords than strong ones and I suspect the one you used may have been found in a breach somewhere outside of OVO - this is intended behaviour and kinda proves that it works.

Securing energy by zapping security bugs... For that is The Blastoise Way!
SBilly
Rank

@Blastoise186….. I was pretty sure that my OVO account had been changed to Octopus in the energy company crisis.  However I take the warnings from my antivirus very seriously and as this was the first time I’ve had a warning like this I decided that as a precaution I should let ‘somebody’ know.  I don’t normally get involved with forums as I’ve been trolled in the past, but when I think people are at risk of losing money (people in credit) they should know…. Isn’t it the right thing to do?  But as this seems to offend you I shouldn’t have bothered.

Time to save our kids world
Blastoise186
Rank
Userlevel 7
Badge +1

It’s fine this time, but worth remembering for the future.

There are a lot of companies out there who may try to sue you for going public without telling them first. OVO probably won’t bat an eyelid over this one, but I can’t say the same about other places.

Securing energy by zapping security bugs... For that is The Blastoise Way!
Nukecad
Rank
Userlevel 6

Just to note that the 2 links given above to haveibeenpwned will usually tell you just which data breach(es) the email/password has been in.

Unless there are too many to list. like this very weak password which has been seen in over 300 data breaches up to now:

 

Today I have zero energy, I plan on going back to bed.

Reply


Terms & ConditionsCookie settings