CLEVELAND, Ohio – FirstEnergy has blocked the online accounts of six million customers because of repeated hacking attempts and has told customers they must reset their passwords to regain access.
During a routine security check, FirstEnergy found there were numerous recent “unauthorized attempts to log into customer accounts,” an email sent by the electric company Sunday morning says. While nearly all of the attempts did not work, some were successful.
The login information was “obtained from a source outside of FirstEnergy,” FirstEnergy spokeswoman Jennifer Young said Sunday afternoon. This method is commonly referred to as a password or credential “stuffing,” Young said, which happens when someone gets a list of credentials from one source and tries them on a variety of websites.