Sky And BT Email Users Are Caught Up In Yahoo Password Hack

Millions of Sky and BT broadband customers could be directly affected by the data breach at Yahoo.

BT used Yahoo Mail for its email service until 2013, when it started migrating users onto its own BT Mail platform. However a number of customers still have their mail provided via Yahoo, and BT is urging them to reset their password.

“A minority of BT Broadband customers have a legacy email product from Yahoo. We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe,” a spokesperson told TechWeekEurope.

Yahoo Mail breach

BT was unable to confirm to TechWeekEurope just how many of its customers are using the Yahoo service, but they can check by using an online tool.

The problem could be bigger at Sky, which still uses Yahoo for its email service.

“You may have seen Yahoo’s announcement that user account information was stolen from its network in late 2014,” said the company. “If you use Sky Yahoo Mail we’d advise that you change your password to help keep your email account safe.”

More than half a billion accounts are believed to have been compromised by the hack, which took place in 2014.

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”

While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.

The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.

How well do you know network security? Try our quiz and find out!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

16 mins ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

2 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

5 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

5 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

6 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

22 hours ago