Sky And BT Email Users Are Caught Up In Yahoo Password Hack

Millions of Sky and BT broadband customers could be directly affected by the data breach at Yahoo.

BT used Yahoo Mail for its email service until 2013, when it started migrating users onto its own BT Mail platform. However a number of customers still have their mail provided via Yahoo, and BT is urging them to reset their password.

“A minority of BT Broadband customers have a legacy email product from Yahoo. We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe,” a spokesperson told TechWeekEurope.

Yahoo Mail breach

BT was unable to confirm to TechWeekEurope just how many of its customers are using the Yahoo service, but they can check by using an online tool.

The problem could be bigger at Sky, which still uses Yahoo for its email service.

“You may have seen Yahoo’s announcement that user account information was stolen from its network in late 2014,” said the company. “If you use Sky Yahoo Mail we’d advise that you change your password to help keep your email account safe.”

More than half a billion accounts are believed to have been compromised by the hack, which took place in 2014.

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”

While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.

The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.

How well do you know network security? Try our quiz and find out!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago