Sky Customers Urged to Reset Passwords

Sky customers have been advised to reset their passwords as a security measure.

In an email sent to a number of its customers, the company wrote: “At Sky we take the security of your data and information extremely seriously. To help keep your account safe we have reset the password for your Sky account.”

Sky confirmed on Twitter that the message is genuine and prompted recipients to follow the link to reset their password, although the reason behind the reset remains unclear.

“The latest news regarding password resets occurring for email accounts with sky.com, as so-called ‘precautionary measures’ that have been taken, indicates that the incident is ongoing and possibly the root cause is still unknown,” said Joseph Carson, chief security scientist & advisory CISO at Thycotic.

“If indeed this was a credential stuffing cyber-attack, then there would be an indicator of a high number of failed log-in attempts, hopefully resulting from some users following best practices by not using the same password across multiple accounts. This is what credential stuffing is trying to abuse using an automated process.”

Sky needs to be following incident response best practices and treating this incident as serious because, in many cyber-incidents, you tend to uncover more serious data breaches when you start looking harder, Carson added. “Sky customers should really start using password managers and two-factor authentications to ensure that a password is not the only security protecting sensitive data.”
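The indicator Carson describes, many failed log-ins from one source spread across many different usernames, can be checked against authentication logs. The sketch below is an added example, not code from Sky, Thycotic or the article; the log format, thresholds, sample data and function names are all assumptions made for illustration.

```python
from collections import defaultdict

def constructed_log():
    """Constructed sample lines: '<time> <source IP> <username> <OK|FAIL>'.
    IPs are RFC 5737 documentation addresses; nothing here is real data."""
    # One source trying 12 different usernames once each; one login succeeds.
    lines = [f"2019-07-24T09:00:{i:02d}Z 203.0.113.7 user{i} "
             f"{'OK' if i == 5 else 'FAIL'}" for i in range(12)]
    # One customer repeatedly mistyping their own password.
    lines += ["2019-07-24T09:05:00Z 198.51.100.20 carol FAIL"] * 6
    # A normal login after a single typo, plus a malformed line.
    lines += ["2019-07-24T09:06:00Z 192.0.2.44 dave FAIL",
              "2019-07-24T09:06:09Z 192.0.2.44 dave OK",
              "garbage line"]
    return lines

def detect_stuffing(lines, min_failures=10, min_users=8):
    """Flag sources with many failures across many distinct usernames.
    Thresholds are assumed values; tune them to real traffic."""
    stats = defaultdict(lambda: {"fail": 0, "users": set(), "hit": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed entries rather than guess
        _, ip, user, result = parts
        entry = stats[ip]
        entry["users"].add(user)
        if result == "OK":
            entry["hit"].add(user)  # credentials were valid from this source
        else:
            entry["fail"] += 1
    findings = []
    for ip, entry in stats.items():
        # Many usernames separates stuffing from one user's repeated typos.
        if entry["fail"] >= min_failures and len(entry["users"]) >= min_users:
            findings.append({"source": ip,
                             "failures": entry["fail"],
                             "distinct_users": len(entry["users"]),
                             "accounts_to_lock": sorted(entry["hit"])})
    return findings

if __name__ == "__main__":
    for finding in detect_stuffing(constructed_log()):
        print(finding)
```

Accounts that logged in successfully from a flagged source are the ones to lock and reset first. Grouping by source IP alone misses attempts spread over many addresses, so a service-wide failed log-in rate is a useful second signal.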

UPDATE (25/07/2019): A statement from Sky:

“Sky has been informed by the provider of Sky.com email accounts that a number of accounts have been accessed without permission through an attack called ‘credential stuffing.’ This is where an intruder has obtained a list of usernames and passwords (‘credentials’) from one or more external sources illegitimately. The intruder then runs an automated program across a range of online services to see if those credentials are still valid. If the credentials match, the intruder can then log in to that account.

“We’ve already locked the accounts of everyone who has been affected. If your account has been locked, you’ll need to call us on the number above and follow the steps provided. To help keep your account as safe as possible, please ensure you regularly update your password and change any similar passwords you may use on other accounts.”