Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Results 1 to 9 of 9
    Like Tree1Likes
    • 1 Post By Isitme

    Yahoo mail hack

    This is a discussion on Yahoo mail hack within the Sky Email and Portal Log-in forums, part of the Sky Broadband help and support category; Yahoo email was hacked in 2014, after 2 years they have admitted it. Hackers have obtained real names, addresses and ...

    1. #1
      Keelhaul's Avatar
      Keelhaul is offline Sky User Member
      Exchange: 01792
      Broadband ISP: Other ISP
      Router: Sagem F@ST 2504
      Sky TV: Sky Basic
      Join Date
      Apr 2009
      Posts
      11
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Yahoo mail hack

      Yahoo email was hacked in 2014, after 2 years they have admitted it. Hackers have obtained real names, addresses and mobile phone numbers. If you have used Sky email and given them all this information, you might be up **** creek. I suggest users change their passwords. Information from the hack is being sold on the web. The hack may not have stopped.

      Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

      Not a word has come from Sky over this mess. Do Sky have to use our real names in the emails they supply? What other info has been leaked - CC details for example.


    2. Advertisement
    3. #2
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Yahoo mail hack

      Sky have now acknowledged the leak - https://www.sky.com/help/articles/spam-and-hoax-emails

      Best advice is to change your password and security questions if possible.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    4. #3
      The Realist's Avatar
      The Realist is offline Sky User Member
      Exchange: Anything
      Broadband ISP: Sky Fibre 100GB Trial Gold X
      Router: Sky Q Hub Mk7 Trial Gold
      Sky TV: SkyQ/Motorised
      Join Date
      Mar 2007
      Location
      Behind You
      Posts
      1,047
      Thanks
      3
      Thanked 29 Times in 29 Posts

      Re: Yahoo mail hack

      And the above brief says "We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor," said Yahoo!'s chief information security officer Bob Lord on Tumblr today.

      "The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.

      And

      Yahoo! has said it will email all those thought to be affected by the theft and is advising everyone who hasn't changed their passwords in the last two years to do so. If you've forgotten your password however, you could be out of luck – security questions that Yahoo! was storing in unencrypted format have been deleted from the system.
      Disclaimer: The views expressed here are my own and in no way represent the views or policies of my employer.


    5. #4
      lettice's Avatar
      lettice is offline Sky User Member
      Exchange: 0.4 mile away and cabinet 350 yards
      Broadband ISP: Sky Fibre Max
      Router: ER110UK Sky Q hub
      Sky TV: SkyQ2tb + minis
      Join Date
      Jun 2011
      Location
      England
      Posts
      2,034
      Thanks
      12
      Thanked 191 Times in 182 Posts

      Re: Yahoo mail hack

      The annoying thing with this is that you have a yahoo email account if you like it or not and is set as your default account sharing the same credentials as your sky id.
      Still, change the password regularly and make the email for the sky id account something that is not the yahoo one is the best bet, a semi two step authorisation.
      Never used the yahoo email or any email account that sky have provided. Would be good if you could remove it as a service.
      About time sky did a proper two step authorisation.

    6. #5
      The Realist's Avatar
      The Realist is offline Sky User Member
      Exchange: Anything
      Broadband ISP: Sky Fibre 100GB Trial Gold X
      Router: Sky Q Hub Mk7 Trial Gold
      Sky TV: SkyQ/Motorised
      Join Date
      Mar 2007
      Location
      Behind You
      Posts
      1,047
      Thanks
      3
      Thanked 29 Times in 29 Posts

      Re: Yahoo mail hack

      Email just sent out.

      At Sky, we take the security of your data extremely seriously.

      You may have seen that overnight Yahoo has announced that a copy of certain user account information was stolen from their network in late 2014. Yahoo is the provider of sky.com email accounts and we have been working closely with them to find out more about the extent of what has happened.

      We are contacting you as a precaution as you are a sky.com email holder.
      You should change your email and Sky ID password and you can do both at once here. You do not need to call us as only you can change your password.

      You should also follow good password management practices, including changing similar passwords you may use on other accounts. You can find more information here.

      Yahoo have also issued a Q&A about the incident. You can find it here.

      Please be assured that we will continue to work closely with Yahoo on behalf of all our customers and will contact you if Yahoo advise that you need to do anything further.

      Stephen van Rooyen
      UK & Ireland CEO, Sky
      - - - Updated - - -

      LOL don't you think if a hacker had your email address, password etc from 2014 your account would of been hacked by now.
      Disclaimer: The views expressed here are my own and in no way represent the views or policies of my employer.


    7. #6
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Yahoo mail hack

      Yes, its like locking the stable door.
      Angel_Rex likes this.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    8. #7
      seawright's Avatar
      seawright is offline Sky User Member
      Exchange: 02392
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Sky+HD box
      Join Date
      Jul 2012
      Posts
      3,458
      Thanks
      65
      Thanked 379 Times in 369 Posts

      Re: Yahoo mail hack

      Password breach could have ripple effects well beyond Yahoo | Daily Mail Online

      As investors and investigators weigh the damage of Yahoo's massive breach to the internet icon, information security experts worry that the record-breaking haul of password data could be used to open locks up and down the web.
      While it's unknown to what extent the stolen data has been or will be circulating, giant breaches can send ripples of insecurity across the internet.
      'Data breaches on the scale of Yahoo are the security equivalent of ecological disasters,' said Matt Blaze, a security researcher who directs the Distributed Systems Lab at the University of Pennsylvania, in a message posted to Twitter .
      Yahoo's headquarters in Sunnyvale, Calif. As investors and investigators weigh the damage of Yahoo's massive breach to the internet icon, information security experts worry that the record-breaking haul of password data could be used to open locks up and down the web. While it's unknown to what extent the stolen data has been or will be circulating, giant breaches can send ripples of insecurity across the internet.

      CREDENTIAL SHUFFLING

      'Credential stuffing,' works by throwing leaked username and password combinations at a series of websites in an effort to break in, a bit like a thief finding a ring of keys in an apartment lobby and trying them, one after the other, in every door in the building.
      Software makes the trial-and-error process practically instantaneous.
      Credential stuffing typically succeeds between 0.1 percent and 2 percent of the time


      A big worry is a cybercriminal technique known as 'credential stuffing,' which works by throwing leaked username and password combinations at a series of websites in an effort to break in, a bit like a thief finding a ring of keys in an apartment lobby and trying them, one after the other, in every door in the building.
      Software makes the trial-and-error process practically instantaneous.
      Credential stuffing typically succeeds between 0.1 percent and 2 percent of the time, according to Shuman Ghosemajumder, the chief technology officer of Mountain View, California-based Shape Security.
      That means cybercriminals wielding 500 million passwords could conceivably hijack tens of thousands of other accounts.
      'It becomes a numbers game for them,' Ghosemajumder said in a telephone interview.
      So will the big Yahoo breach mean an explosion of smaller breaches elsewhere, like the aftershocks that follow a big quake?
      Ghosemajumder doesn't think so.
      He said he didn't see a surge in new breaches so much as a steady increase in attempts as cybercriminals replenish their stock of freshly hacked passwords.
      It's conceivable as well that Yahoo passwords have already been used to hack other services; the company said the theft occurred in late 2014, meaning that the data has been compromised for as long as two years.
      'It is like an ecological disaster,' Ghosemajumder said in a telephone interview. 'But pick the right disaster. It's more like global warming than it is an earthquake. ... It builds up gradually.'
      The first hint that something was wrong at Yahoo came when Motherboard journalist Joseph Cox started receiving supposed samples of credentials hacked from the company in early July.
      Several weeks later, a cybercriminal using the handle 'Peace' came forward with 5,000 samples — and the startling claim to be selling 200 million more.
      On Aug. 1 Cox published a story on the sale , but the journalist said he never established with any certainty where Peace's credentials came from.
      He noted that Yahoo said most of its passwords were secured with one encryption protocol, while Peace's sample used a second.
      Either Peace drew his sample from a minority of Yahoo data or he was dealing with a different set of data altogether.
      'With the information available at the moment, it's more likely to be the latter,' Cox said in an email Tuesday.
      The Associated Press has been unable to locate Peace. The darknet market where the seller has been active in the past has been inaccessible for days, purportedly due to cyberattacks.
      At the moment it's not known who holds the passwords or whether a state-sponsored actor, which Yahoo has blamed for the breach, would ever have an interest in passing its data to people like Peace.
      Meanwhile Yahoo users who recycle their passwords across different sites may be at risk.
      And while an internet-wide password reset is one option, Yahoo's announcement that some security questions were compromised too means that the risks associated with the breach are likely to linger.

      A password can be changed, after all, but how do you reset your mother's maiden name?

    9. #8
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Yahoo mail hack

      A password can be changed, after all, but how do you reset your mother's maiden name?
      As I said earlier, it is advisable also to change your security question.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    10. #9
      davews's Avatar
      davews is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Broadband Unlimited
      Router: Non Sky Router
      Sky TV: none
      Join Date
      May 2013
      Posts
      59
      Thanks
      0
      Thanked 5 Times in 5 Posts

      Re: Yahoo mail hack

      My security question is the 'memorable date' - I rather doubt any hacker would guess it was my Mum's date of birth. I am also not sure this would be part of the information Yahoo have, their security questions are totally different.
      In reality I rather suspect that the Sky data was not part of this particular hack though we have to assume the worst. Both the username and password are unique to my Sky account so the Daily Mail stuff doesn't apply. Nor is my Sky email account actively used. My only active use of Yahoo is via Yahoogroups (again a different and very obscure password, changed twice since 2014).

      As an update, if you sign directly in at yahoo.com rather than via the Sky portal you will see that your profile details are not there - if you click on the link for your profile it redirects to sky.com and you have to separately login with your SkyID. This means that most of your data including the security question are NOT stored on Yahoo servers. I suspect all that is stored in Yahoo is your login details, username and password, sufficient for logging into the email portal. If you actively use Web Mail (I don't) then you may have added other things like your name there - the name field on my email account is blank. So yes, username and passwords may have been breached (and password will almost certainly be encrypted), but nothing else.
      Last edited by davews; 29-09-16 at 12:08 PM.

     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION