Electricity provider Tibber hacked, 50,000 German customers affected

Hackers have attacked electricity provider Tibber and stolen data. The company confirmed this to heise security. Over 50,000 customers are apparently affected, all of them from Germany. The attackers are offering their prey for sale on the Darknet.

Since November 11, a data set with the title "Tibber Data Breach - Leaked, Download" has been available on a popular darknet forum. Some sample lines contain the name, email address, order amount and incomplete address data.

They are authentic: the data records originate from a breach in the Tibber store. The company admitted this to heise security. In its online store, Tibber sells smart energy hardware such as the "Pulse" power tracker. However, a company spokesperson emphasized that neither payment nor consumption data had been lost, nor had the hackers captured the exact addresses and passwords.

The scope of the stolen data records differs from the hackers' account. They claim to have found 243,000 lines of data, but according to Tibber, only 50,000 customers were affected. The discrepancy could be explained by multiple entries or data records split into several lines.

Investigations underway

"We immediately began investigating the incident and reported it to the Berlin police," says Merlin Lauenburg, Managing Director of Tibber Germany. On Wednesday morning, Tibber also informed the affected customers of the leak. The company is also working with the authorities and internal and external experts to clarify the incident and take improvement measures.

Tibber started out as an electricity provider with dynamic prices and sells its green electricity to customers in Northern Europe and Germany. The electricity tariffs, which are linked to the exchange price, allow households to save money with smart technology, as a report by heise online showed.

(cku)