BT and Sky customers hit by giant Yahoo hack
MILLIONS of Sky and BT customers may have had their email accounts hacked in the biggest data breach in history.
More than 500million email accounts held by internet firm Yahoo have been compromised by the breach – including at least eight million in the UK.
It has taken nearly two years for Yahoo to admit to the incident, which it blames on a ‘state sponsored’ computer hacker.
But the damage may well have been done already as the confidential information has been available to hackers since the breach took place in late 2014.
The stolen data includes names, passwords, email addresses, phone numbers and security questions. Criminals can use the data to hack private accounts, carry out identity fraud, and send spam emails containing rogue software that can be used to hijack computers.
BT and Sky subscribers have been affected because the companies have used email technology supplied by Yahoo. Those who hold email accounts with Yahoo may also have been affected.
Hacking victims could try to claim up to £1,000 each in compensation – even if they have not been ripped off as a result of the data theft.
In Britain it had previously been difficult to bring compensation claims under the Data Protection Act for distress caused by a breach.
But a Court of Appeal decision in 2015 opened the door for people to claim compensation for that reason, even if they suffer no financial loss as a direct result of the breach.
Yesterday, Yahoo, BT and Sky all advised customers to create new passwords and security questions and to be vigilant for suspicious activity on the accounts.
Sky said it had about 2.5million Sky.com email account holders at the time of the breach in 2014. Although not all were affected, it advised everyone with a Sky.com account to update their password and security questions.
BT said it was investigating but advised the ‘minority’ of its customers who use Yahoo mail to change these details. Yahoo email addresses are also used on photo sharing site Flickr.
Founded in 1994, Yahoo is one of the original giant internet companies. The passwords were partially encrypted but internet experts said the encryption process could be hacked as well. Yahoo said financial details were not breached as they were stored separately.
A spokesman for the Information Commissioner’s office said that ‘over eight million UK people had been affected’ by the cyber-attack.
The Information Commissioner, Elizabeth Denham, added: ‘The vast number of people affected by this cyber-attack is staggering and demonstrates just how severe the consequences of a hack can be.
‘People’s personal information must be securely protected under lock and key – and that key must be impossible for hackers to find.’
In July, US telephones giant Verizon confirmed that it will buy struggling Yahoo for £3.6billion.
The first reports that Yahoo had been hacked on a huge scale emerged in August – when a hacker called ‘Peace’ told technology website, Motherboard, he had hacked 200million user accounts.
Yahoo investigated the claim – which it said was false – but found a separate, enormous data breach.
But it was only this Tuesday that Yahoo informed Verizon it had been hacked. The information was only disclosed to the public late on Thursday.
One security analyst suggested Russia might be behind the attack. Shashank Joshi, of the Londonbased Royal United Services Institute, said: ‘Would, for example, Russian intelligence wish to conduct a large-scale hack on a major internet company like Yahoo? Absolutely they would. It is an
‘Staggering number affected’
incredibly valuable commodity.’ The hack – while the biggest in history – is just one of a long line of data thefts. Other hacked companies include Sony, MySpace, and TalkTalk.
Shares in Twitter soared yesterday amid rumours of a takeover by Google. The social networking website has struggled to turn a profit since its launch ten years ago and user numbers have stalled.
Google is one of several possible buyers – but a deal is not thought to be imminent.