The account details of as many as 2,000 customers of British Gas have been leaked online, in the third high-profile personal data leak in less than a week.
Email addresses and passwords to login to British Gas accounts were posted on the text upload website Pastebin, but the company believes the information leak was not as a result of its systems being breached.
In an email to those who are potentially affected, the Centrica-owned company said:
"I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas."
The leak could be the result of a phishing attack on customers and the company is investigating the cause and will be reported to the Information Commissioners Office.
On Wednesday, Marks & Spencer was forced to suspend its website after a "technical issue" meant customers could see other people's details when they logged in.
It follows a significant cyber attack on TalkTalk last week.