Sky And BT Email Users Are Caught Up In Yahoo Password Hack

Millions of Sky and BT broadband customers could be directly affected by the data breach at Yahoo.

BT used Yahoo Mail for its email service until 2013, when it started migrating users onto its own BT Mail platform. However a number of customers still have their mail provided via Yahoo, and BT is urging them to reset their password.

“A minority of BT Broadband customers have a legacy email product from Yahoo. We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe,” a spokesperson told TechWeekEurope.

Yahoo Mail breach

email-iconBT was unable to confirm to TechWeekEurope just how many of its customers are using the Yahoo service, but they can check by using an online tool.

The problem could be bigger at Sky, which still uses Yahoo for its email service.

“You may have seen Yahoo’s announcement that user account information was stolen from its network in late 2014,” said the company. “If you use Sky Yahoo Mail we’d advise that you change your password to help keep your email account safe.”

More than half a billion accounts are believed to have been compromised by the hack, which took place in 2014.

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”

While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.

The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.

How well do you know network security? Try our quiz and find out!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

TikTok Shop Expands In Europe Amidst US Uncertainty

TikTok opens e-commerce shopping in Germany, France, Italy as US future remains uncertain over divest-or-ban…

5 hours ago

Microsoft Drops AI Data Centre Projects

Microsoft drops data centre projects amounting to 2 gigawatts of power consumption as investors question…

6 hours ago

SMIC Sees Record Revenue, But Halved Profits

SMIC sees revenues rise 27 percent for 2024, but profits fall nearly 50 percent amidst…

6 hours ago

Google Brings Android Development In-House In Major Shift

Google reassures developers Android to remain open source as it brings development entirely in-house, reduces…

7 hours ago

NHS Software Provider Fined £3m Over Breach

NHS software services provider Advanced Computer Software Group fined £3m over ransomware breach that compromised…

7 hours ago