FirstEnergy to require customers reset passwords after ‘suspicious activity’ detected

By Stephanie Czekalinski
Published: Sep. 5, 2021 at 9:46 PM EDT|Updated: 10 hours ago
Ohio (WOIO) - FirstEnergy is requiring customers to reset their passwords after detecting numerous login attempts and other “suspicious activity.”

The company said they believe that someone obtained a list of credentials from an outside source like the dark web and tried the user names and login combinations on a variety of websites - including FirstEnergy’s.

The practice, known as password or credential stuffing, is one of the reasons security expecters suggest that you use a different login and password for all websites.

The vast majority of login attempts were unsuccessful, the company said in a media release. But there were a number of unauthorized logins completed.

The company said that it disabled all online account access and is requiring all customers who access their accounts online to reset their passwords.

There is a limited amount of information available through a customer’s FirstEnergy online account, the company said.

A customer’s service name, street address, phone number, FirstEnergy account number and the last four digits of any associated bank accounts used to make authorized payments are available to anyone who successfully logged into an account.

“We have no evidence that any of the suspicious logons altered, accessed or retrieved any of that information,” the company wrote.

Bank account or credit card information is not available through an online customer account.

There was no threat to the operations systems at the electric utility, a spokeswoman said.

To reset your account, visit the company website. You will be prompted to change your password when you try to log into your account, a spokesperson said.

You can also call customer services at 808-LIGHTSS for help resetting your password.

FirstEnergy recommends doing the following when resetting your password:

  • Do not reuse old passwords.
  • Do not use the same password for multiple online accounts.  Every password should be unique.
  • Do not reveal your password to others.
  • Do not use words that can be found in the dictionary.
  • Follow the complexity requirements of the website (e.g., length of password, required use of special characters).
  • Do not use passwords that contain information about you (e.g., your birthday).

