AKRON, Ohio — If you’re a FirstEnergy customer, you may have received a notice to change your password, or worse, your account may have been disabled altogether.
Upwards of six million customers have been affected by unauthorized logins to their accounts.
The problem: repeated hacking attempts, which FirstEnergy found during a routine security check of accounts.
"People were trying to log in and were unable to. They saw a number of those," says Alex Hamerstone of Strongsville security consulting company TrustedSec.
FirstEnergy serves millions of customers in the Midwest and Mid-Atlantic regions, from Ohio up to New Jersey. And many customers found they were locked out of their online accounts this weekend.
"If you go on the internet, there are oftentimes lists of usernames and passwords that have been taken off other breaches or other situations, and what it looks like is someone was trying all of those usernames and password combinations on the FirstEnergy site," says Hamerstone.
While nearly all of the hacking attempts were unsuccessful, some of them worked. The sneaky practice is called “stuffing,” known more fully as credential stuffing. Someone can easily get your username and password from one source, and then try to plug them into other accounts, like your bank or credit card, to see if they work.
"The lesson here is don’t reuse the same password on multiple sites. Don’t use the same password that you use on your email account that you use on your utility account. For things like your utilities, for your banking, for your email, make sure you’re using strong, unique passwords," says Hamerstone.
According to internet security statistics, hackers attack people worldwide roughly every half a minute, about 2,200 times a day.
FirstEnergy sent out a statement to all customers, reading in part: “Out of an abundance of caution, we have disabled all online account access and are requiring our customers to reset their passwords.”
Here’s how you can reset your password on FirstEnergy’s site:
- Enter your username and email address associated with your online profile.
- You will then be sent a link to complete the password update process with best practices for setting a strong password.
Those who have questions or need help are asked to visit FirstEnergy’s Contact Us page.
"Sign up for those alerts, sign up for email notifications, you can set it up with your utility company or whomever. Really, you just need to pay attention to your accounts," says Hamerstone.
It’s important to note that no sensitive customer information, like your full bank account number or your credit card information, is accessible through your FirstEnergy online account.