
UPDATE2 BT and Sky Broadband Warn UK ISP Customers After Yahoo! Hack

Friday, September 23rd, 2016 (11:41 am)

Customers of Sky Broadband and BT have been warned that some of them may have been affected after Internet giant Yahoo! confirmed that at least 500 million of its accounts were stolen in 2014 by “state-sponsored” hackers. Both ISPs make use of the company for their email platforms.

Apparently Yahoo! didn’t even realise that the event had happened until recently and then took a whole month to confirm it (good job there Yahoo!). It’s understood that the hackers stole names, email addresses, telephone numbers, dates of birth and passwords.

Yahoo! Statement by Bob Lord:

“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.

Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”

The problem represents an additional headache for BT and Sky Broadband since both ISPs have made use of or continue to use Yahoo!’s platform for their email services.

In BT’s case it’s merely a “legacy product used by some customers” and the provider states that a “minority of our customers are affected.”

A BT Spokesperson told ISPreview.co.uk:

“BT is currently investigating the Yahoo data breach. As a precaution for the minority of our customers who use Yahoo mail, we are advising those who haven’t changed their passwords post-December 2014 to change them.”

By comparison Sky Broadband’s Yahoo! based Sky Yahoo Mail service is still very much front and centre of their email platform, although the provider does not clarify how many of their subscribers might be affected.

A Sky Support Agent said:

“At Sky, we take the security of our customers’ data and information extremely seriously.

You may have seen that overnight Yahoo! announced that a copy of certain user account information was stolen from its company’s network in late 2014. Yahoo! is the provider of sky.com email accounts.

If you are a sky.com email holder, in line with the advice provided by Yahoo!, we advise that you change your passwords online and follow good password management practices. You can find more information and help here.”

Just because a password is hashed or encrypted doesn’t mean that a hacker can’t recover it in the space of a few seconds or minutes, depending upon the method of protection used, the strength of the password itself and any available processing power at the hacker’s disposal. In other words, change your password!

Mind you, the breach happened two years ago and so any damage may have already been done.

UPDATE 26th September 2016

According to the Information Commissioner’s Office (ICO), some 8 million Yahoo! linked accounts in the United Kingdom have been affected by the breach. Obviously this also includes accounts that were created separately from BT and Sky, although those two ISPs will still be responsible for a noticeable chunk of the figure.

ICO Statement

“The vast number of people affected by this cyber attack is staggering and demonstrates just how severe the consequences of a security hack can be. The US authorities will be looking to track down the hackers, but it is our job to ask serious questions of Yahoo on behalf of British citizens and I am doing that today.

We don’t yet know all the details of how this hack happened, but there is a sobering and important message here for companies that acquire and handle personal data. People’s personal information must be securely protected under lock and key – and that key must be impossible for hackers to find.”

UPDATE 28th September 2016

Sky has set up a useful information page HERE.

5 Responses
  1. Bob2002 says:

    Ah, “state sponsored hackers” no organisation can resist “state sponsored hackers”, so that’s OK then. The press (especially the American press) will now give Yahoo an easy(er) ride. Even though this typically translates to a spear phishing attack i.e. lax procedures and/or dumb employees.

    Also funny the worst of this hack comes out after the Verizon sale, coincidence no doubt.

    1. brianv says:

      State-sponsored attacker, eh? Which state? Maybe the enemy is within? Just a thought.

      Disgraceful that they kept mum for over two years. Only disclosing now. Unless it was a leverage tool in sale negotiations?

      When it comes to Wall St (and The City) don’t rule out anything. Pretty much all organised crime – including large scale computer hacking – has its roots in High Finance. Not least the 2015 electronic ambush and subsequent media assault on TalkTalk PLC. Evidently, all was not what it seemed there either! Forget that silly notion of spotty-face youths being behind the hack. It was a ruthlessly executed operation involving many players in Intelligence, Finance and the media.

  2. Tom says:

    BT mail accounts and Yahoo accounts have had strange crap happening to them for a long, long time. Almost as if address book pairs were leaked at some point and a spammer is now sending from the same or similar addresses to the victim’s address book. This is happening to accounts that I’m almost certain won’t have been “phished” or have low usage (ie, not the victim’s main account).

    Nobody seems to have fathomed out how that’s happened. I feel like Yahoo have very lax systems.

  3. captain.cretin says:

    Am I allowed to say “Bollocks” to the claim they didn’t know?? Practically every Yahoo account holder has known for 18 months or more, because most of us have had our accounts hacked, or had hack attempt warnings.

    The Freecycle system nearly went down under the weight of hacked accounts.

    Hell, I haven’t logged into mine since 2004, yet it was still hacked.

  4. timeless says:

    Would have been nice to have known sooner, tho I don’t use ISP email, I’ve moved ISP too many times and it always ends up a headache if my email is linked to my ISP so I’ve always had it with an external provider.. Gmail ftw.
