Incident or just best practice? Sky urges account holders to change passwords, prompting speculation of an incident
There is speculation of a possible a security incident at Sky, after it emailed account holders asking them to change their passwords immediately.
The Sky email said the password change was part of a “security measure”, Techradar reported, and the email alert apparently contains a link for users to choose a new password.
But with no public confirmation from Sky, it should be remembered that there could have been no security issue that has promoted the password change request. Indeed, Sky reportedly said it has not been breached.
“At Sky we take the security of your data and information extremely seriously. To help keep your account safe we have reset the password for your Sky account,” the email reportedly reads.
A number of Sky customers took to Twitter to ask Sky if the emails were genuine, or part of a phishing scam.
The firm’s official account apparently replied they were genuine, Techradar reported.
“To help keep customer’s accounts safe we occasionally reset the password for Sky accounts. Customers can reset their password online at Sky.com,” a Sky spokesperson reportedly said, but said the company has not been breached.
However the account also reportedly told some customers that the reset was linked to “part of the incident that happened last week”, possibly referencing a recent attack.
Sky has reportedly already locked the accounts of all affected users, who will need to contact the company to get control back.
The lack of public confirmation from the company has not helped matters, and it be noted that Sky’s password advisory could be down to data breaches at other firms, with hackers trying to access Sky accounts using data stolen in other breaches.
“The latest news regarding password resets occurring for email accounts with sky.com, as so-called “precautionary measures” that have been taken, indicates that the incident is ongoing and possibly the root cause is still unknown,” noted Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic.
“If indeed this was a credential stuffing cyberattack, then there would be an indicator of a high number of failed logon attempts, hopefully resulting from some users following best practices by not using the same password across multiple accounts,” Carson added. “This is what credential stuffing is trying to abuse using an automated process.”
“Credential stuffing normally happens when using credentials from other data breaches and attempting to use those same passwords to unlock accounts from other online services, such as email or bank accounts,” he said. “Credential stuffing can raise alarms quite quickly if monitoring is in place.”
“Sky need to be following incident response best practices and treating this incident as serious because, in many cyber incidents, you tend to uncover more serious data breaches when you start looking harder,” he added. “Sky customers should really start using password managers and two factor authentications to ensure that a password is not the only security protecting sensitive data.”
Do you know all about security? Try our quiz!