Yahoo provides Sky customers with email services. And, as you’ve no doubt heard, Yahoo has just officially confirmed that it was massively hacked back in 2014 – exposing some half a billion customer records.
Where does that leave Sky email customers? Sadly in the same boat as Yahoo customers.
Here is what Sky is telling its customers:
At Sky, we take the security of our customers’ data and information extremely seriously.
You may have seen that overnight Yahoo! announced that a copy of certain user account information was stolen from its company’s network in late 2014. Yahoo! is the provider of sky.com email accounts.
If you are a sky.com email holder, in line with the advice provided by Yahoo!, we advise that you change your passwords online and follow good password management practices.
Good password practice means ensuring that you’re not reusing the same password anywhere else online, and making sure that your passwords are strong, hard to crack and impossible to guess.
My advice? Get yourself a decent password manager and – where possible – enable two-step verification to further defend your online accounts.
Of course it’s worth remembering that it’s not currently thought that the passwords of those 500 million Yahoo users have been stolen. But other credentials have been (email addresses, phone numbers, dates of birth, and sensitive security questions and answers).
And that’s still enough information for online criminals to cause mischief and potentially break into accounts.
You can read more advice in my article on the Yahoo breach.
A similar warning has been issued for users of BT Yahoo Mail.
As per the message I sent Graham on Twitter the other day, Sky takes customers' security seriously by limiting passwords to using letters & numbers only !!!!!
And something I bet they are also kicking themselves for, at least I would hope, is that they didn't get Yahoo to enable 2SV on Sky accounts when it was first introduced, despite customers back then asking for it.
2SV is good practice but the severity of this attack would probably have rendered it useless simply because Yahoo had so much material compromised.
2SV will make it more difficult against somebody who guesses your password; it won't stop a determined hacker or an actor who substantially compromises (as is the case here) an organisation's systems.