Tibber Deutschland GmbH

On November 10, 2024, Tibber Deutschland GmbH experienced a data breach affecting 50,000 customer records. This incident exposed personal information including names, email addresses, geographic locations (city and postcode), and total spend on purchases. The breach details have been confirmed.

The exposed data combination of names, email addresses, and geographic locations can increase the risk of targeted phishing attacks. Malicious actors could use this information to craft convincing scam emails or messages, attempting to trick individuals into revealing more sensitive data or performing actions that compromise their accounts. The inclusion of purchase spend, while not directly financial account information, could be used to add legitimacy to these social engineering attempts.

Individuals affected by this breach should immediately change their passwords for their Tibber account and any other online accounts where they may have used the same password. Using unique, strong passwords for each service is critical to prevent credential stuffing attacks, where attackers use leaked credentials from one breach to access other accounts.

It is important to be vigilant for unsolicited communications, particularly emails or messages that appear to be from Tibber or related services. Exercise caution with any requests for personal information, login credentials, or financial details. Verify the legitimacy of such requests directly with Tibber through official channels, not by responding to the suspicious communication.

Monitor your financial statements and credit reports for any unusual activity. While direct financial account details were not exposed in this breach, the combination of personal information can be used for identity theft attempts. Regularly reviewing your financial accounts can help detect and mitigate potential fraud early.