But payment info is safe
British Gas has contacted 2,200 of its customers after their email addresses and passwords were leaked online.
The energy supplier disabled the accounts after the discovery was made, though it claims its own systems were not to blame for the breach.
The affected customers’ bank details are safe as only the password and email address were leaked – essentially enough to look at someone’s name, address and previous energy bills.
The email British Gas sent to affected customers said: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
“As you’d expect, we encrypt and store this information securely.
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”
The details could have come from a hack of another website where hackers checked if users had the same password for their British Gas account, or it could have been a phishing scam, where customers were tricked into sharing their own details.