Two million customers hit by CeX hack

It's that time again when we reset the imaginary internet sign to read "zero days without a UK data breach".

CeX has broken our run of good fortune, revealing in an email sent out late last night that nearly two million customers had had their data leaked in a hack attack.

Personal details including first name, surname, address, email address and phone number have been accessed and in some cases, passwords were also lifted. The company explained that these were hashed, but adds that weak passwords could still be broken, and advises customers to change their login details at the earliest opportunity. Though the company stopped short of forcing a password change on everyone, despite some pressure to do so via Twitter:

Credit and debit card information was also lifted from the site, but as CeX stopped taking that information in 2009, the company believes that any cards left on the system have long-since expired. As this is an online security breach, cards used in brick-and-mortar stores were not impacted.

"We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats," reads an answer in the data breach FAQ on the CeX website. "Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again."

The good news is that if this is the first you're hearing of a CeX hack, then you're likely unaffected. The company revealed that only impacted accounts were emailed. "If you do not receive an email, your account is not affected," the statement reads.

Photo by A_man_alone / CC BY 2.0

Alan Martin

After a false career start producing flash games, Alan Martin has been writing about phones, wearables and internet culture for over a decade with bylines all over the web and print.

Previously Deputy Editor of Alphr, he turned freelance in 2018 and his words can now be found all over the web, on the likes of Tom's Guide, The i, TechRadar, NME, Gizmodo, Coach, T3, The New Statesman and ShortList, as well as in the odd magazine and newspaper.

He's rarely seen not wearing at least one smartwatch, can talk your ear off about political biographies, and is a long-suffering fan of Derby County FC (which, on balance, he'd rather not talk about). He lives in London, right at the bottom of the Northern Line, long after you think it ends.

You can find Alan tweeting at @alan_p_martin, or email him at mralanpmartin@gmail.com.