Sky And BT Email Users Are Caught Up In Yahoo Password Hack

Millions of Sky and BT broadband customers could be directly affected by the data breach at Yahoo.

BT used Yahoo Mail for its email service until 2013, when it started migrating users onto its own BT Mail platform. However a number of customers still have their mail provided via Yahoo, and BT is urging them to reset their password.

“A minority of BT Broadband customers have a legacy email product from Yahoo. We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe,” a spokesperson told TechWeekEurope.

Yahoo Mail breach

BT was unable to confirm to TechWeekEurope just how many of its customers are using the Yahoo service, but they can check by using an online tool.

The problem could be bigger at Sky, which still uses Yahoo for its email service.

“You may have seen Yahoo’s announcement that user account information was stolen from its network in late 2014,” said the company. “If you use Sky Yahoo Mail we’d advise that you change your password to help keep your email account safe.”

More than half a billion accounts are believed to have been compromised by the hack, which took place in 2014.

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”

While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.

The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.

How well do you know network security? Try our quiz and find out!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Apple Orders Staff Back To Office, Three Days A Week

Memo from Tim Cook tells Apple staff in the Bay area, that from next month,…

59 mins ago

Silicon UK In Focus Podcast: Configuring Security

Do businesses need a radical change in how they approach access security? Does a shift…

2 hours ago

New US Export Controls Target China Semiconductor Firms

US introduces export controls on design software and substrate materials to block Chinese companies from…

1 day ago

US Judge Approves Apple Settlement In Retail Class Action Lawsuit

US federal judge approves settlement offered by Apple in nearly decade-old case over compensation for…

1 day ago

Ola Plans Premium Electric Car For Indian Market

SoftBank-backed ride-hailing firm Ola Electric announces range of electric cars starting in 2024 following success…

1 day ago

Faraday Future Raises Fresh Backing For Electric SUV Debut

Electric car start-up Faraday Future looks to raise up to $600m in new funds as…

1 day ago