CLEVELAND — FirstEnergy recently asked all customers to change their password as the company said there have been multiple attempts by scammers to access customers’ accounts. 

What You Need To Know

  • FirstEnergy is requiring all customers to reset their password

  • The company said that someone has attempted to access accounts, and successfully accessed some accounts

  • FirstEnergy said that customers’ full bank accounts and credit card numbers were not accessed

  • The company’s operations were not impacted by the account breaches

FirstEnergy noted that while most attempts to access accounts were not successful, a handful were. 

Although someone was able to access customer accounts, they would have been unable to access full bank account or credit card information, the company noted. The type of information that is available by logging into an account includes the customer’s service name, street address, email address, phone number, FirstEnergy account number, and the last four digits of any associated banking accounts previously authorized for bill payment and certain functions to start and stop utility service.

“As part of our security processes to help keep customer accounts safe, we regularly monitor FirstEnergy’s website and customer online accounts,” FirstEnergy said in a statement. “We recently detected suspicious activity involving numerous attempts to log into customer accounts using credentials obtained from a source outside of FirstEnergy. This is commonly referred to as credential stuffing, which can occur when someone obtains a list of potential usernames and passwords from one source and tries them on a variety of other websites. While the vast majority of these attempts were unsuccessful, we became aware that a number of unauthorized logins were completed.”

FirstEnergy also noted that there is no threat against the company’s power service and company operations were not impacted by this activity. 

FirstEnergy has 2.1 million customers in the state of Ohio. Most of FirstEnergy’s customers in Ohio are in northeast Ohio. It also serves customers in five other states. 

FirstEnergy offered customers the following tips for setting a new password: 

  • Do not reuse old passwords.
  • Do not use the same password for multiple online accounts.  Every password should be unique
  • Do not reveal your password to others
  • Do not use words that can be found in the dictionary
  • Follow the complexity requirements of the website (e.g., length of password, required use of special characters)
  • Do not use passwords that contain information about you (e.g., your birthday)

Related Stories