According to the BBC, UK energy provider British Gas has just contacted 2200 customers to warn them that their passwords may have been exposed. Email addresses and passwords of affected users showed up on popular data dumping site Pastebin. Crooks could have been able to retrieve additional personal information, such as account history, simply by logging in to each account. British Gas told the BBC:From our investigations, we are confident that the information which appeared online did not come from British Gas. The passwords could come from a phishing campaign, and not involve a server breach at all.”]
Source: https://nakedsecurity.sophos.com/2015/10/29/utility-giant-in-password-breach-quandary/