BT investigates Yahoo hack, tells BT Yahoo mail users to reset passwords

Change your password, enable two-step verification.

Graham Cluley
Graham Cluley
@[email protected]

BT investigating Yahoo hack, tells BT Yahoo mail customers to reset passwords

Back in the old days (pre-2014) BT’s internet customers could take advantage of an email system provided by Yahoo. They imaginatively called it BT Yahoo Mail.

In May 2013, BT announced it would start shifting its customers to a new system. The news was welcomed as there had been many complaints from users saying that their BT Yahoo Mail accounts had been compromised and used to send out spam messages.

Now, in 2016, we hear that Yahoo was massively hacked two years ago and that at least 500 million customer records have been stolen.

Sign up to our free newsletter.
Security news, advice, and tips.

So, does that mean users of BT Yahoo Mail are at risk too?

Right now, BT isn’t sure.

Here’s the statement they gave me:

“BT is currently investigating the Yahoo data breach. As a precaution for the minority of our customers who use Yahoo mail, we are advising those who haven’t changed their passwords post-December 2014 to change them.”

I would recommend going further than changing your Yahoo passwords if you haven’t reset it since late 2014. You should also ensure that you are not using the same password anywhere else on the web (password reuse is a cardinal sin) and that you have enabled two-step verification on as many of your online accounts as you can.

Furthermore, because Yahoo has admitted that security questions and answers have also been grabbed by the hackers, you should be careful to ensure that they don’t also come back to haunt you. It’s easy to imagine how a hacker could – perhaps with a little dab of social engineering – try to use the answers to secret questions to trick other online services into providing them access to accounts.

It doesn’t appear that the Yahoo hack has exposed 500 million passwords thank goodness. But it still makes sense to take precautions.

Read more about two-step verification:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “BT investigates Yahoo hack, tells BT Yahoo mail users to reset passwords”

  1. drsolly

    … Again …

    1) Don't reuse passwords
    2) The "security questions" you give them, are actually an alternative password. Don't reuse those either. I give a different "mother's maiden name" each time I'm asked for that.

  2. Sysonya Wright

    how do I Change my password?

    1. Romeo Tibay · in reply to Sysonya Wright

      how do I change my password

    2. Paddleless · in reply to Sysonya Wright

      To change your password, log into your Yahoo account. Then click on your name at the top right of the page. In the box that appears, click on "Account Info". On the left side of the page that this takes you to (it may be in a new tab) click on "Account security". You will see the "Change password" option.

  3. Troy Whitney

    how do I change my password

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.