Sky And BT Email Users Are Caught Up In Yahoo Password Hack

Millions of Sky and BT broadband customers could be directly affected by the data breach at Yahoo.

BT used Yahoo Mail for its email service until 2013, when it started migrating users onto its own BT Mail platform. However a number of customers still have their mail provided via Yahoo, and BT is urging them to reset their password.

“A minority of BT Broadband customers have a legacy email product from Yahoo. We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe,” a spokesperson told TechWeekEurope.

Yahoo Mail breach

BT was unable to confirm to TechWeekEurope just how many of its customers are using the Yahoo service, but they can check by using an online tool.

The problem could be bigger at Sky, which still uses Yahoo for its email service.

“You may have seen Yahoo’s announcement that user account information was stolen from its network in late 2014,” said the company. “If you use Sky Yahoo Mail we’d advise that you change your password to help keep your email account safe.”

More than half a billion accounts are believed to have been compromised by the hack, which took place in 2014.

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”

While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.

The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.

How well do you know network security? Try our quiz and find out!