Sky broadband customers are mysteriously being told to reset their passwords, raising fears that the company may have been hit by a data breach.
A number of customers have received an email from the company, addressed to "Dear Customer", containing a link to reset their passwords.
"At Sky we take the security of your data and information extremely seriously," the email states.
"To help keep your account safe we have reset the password for your Sky account. You will now need to choose a new password to access your account.
"We're sorry for any inconvenience caused."
Understandably, many customers thought the email was a phishing attempt, and contacted the Sky Help Team on Twitter for clarification.
However, the company has confirmed that the emails are a legitimate "security measure".
"To help keep customer's accounts safe we occasionally reset the password for Sky accounts," a spokesperson for the company said.
"Customers can reset their password online at Sky.com."
Sky has published a brief FAQ with more details on its website.
It states that Sky has been informed by the provider of Sky.com email (Yahoo) that a number of email accounts have been accessed without permission through an attack called "credential stuffing".
This is where an intruder has obtained a list of usernames and passwords (“credentials”) from one or more external sources illegitimately.
The intruder then runs an automated programme across a range of online services to see if those credentials are still valid. If the credentials match, the intruder can then log in to that account.
"We've already locked the accounts of everyone who has been affected," Sky states.
"To help keep your account as safe as possible, please ensure you regularly update your password and change any similar passwords you may use on other accounts."
Cybersecurity expert Graham Cluley criticised the way Sky has handled the issue, claiming that telling people to change their passwords without an explanation is "likely to give the typical user collywobbles".
"Banks who care about their users' account security don’t send out password reset links because they know that it’s the kind of dirty trick used by fraudsters," he said,
"Instead they tell you to visit the website and reset your password as part of the regular login process.
"Maybe other companies with online accounts could learn a thing or two from that."
If your Sky account has been locked, you can call the company on 03442 411 280 . The company's automated system will unlock your account, and you'll then be able to reset you password.
Source: Read Full Article