Credentials stuffing attack prompts password resets for Sky customers
British telco Sky has locked Sky.com iD accounts as a safety measure following a credentials stuffing attack detected last month.
The measure was taken as a precaution, the company told ZDNet via email.
Hackers accessed some Sky.com email accounts following last month's credentials stuffing attack, but those users had their accounts locked and were notified at the time.
The Sky.com accounts that have been locked yesterday have not been breached, the company told us.
Instead, Sky said they were locking accounts and prompting users to reset their passwords "as [a] good password management practice."
Customers are being notified via email, asked to visit a page on the company's site, where they're asked to call a phone number where an automate system will unlock their accounts, and then go through a series of steps to reset their Sky iD account passwords.
Depending on when a Sky user has received an email notification from the company, they can tell if their account has been accessed by hackers, or not.
Credential stuffing attacks are when hackers use username and password combinations that have been made public through security breaches at other companies, and use them to gain access to accounts on other services, hoping that users had reused passwords across accounts.
These types of attacks have been growing in frequency at an alarming rate since last year.
Companies like ad blocker AdGuard, banking giant HSBC, social media site Reddit, video sharing portal DailyMotion, delivery service Deliveroo, enterprise tool Basecamp, restaurant chain Dunkin' Donuts, and tax filing service TurboTax have all publicly acknowledged being on the receiving end of credential stuffing attacks, where hackers had gained access to some accounts.
These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)
More data breach coverage:
- Robinhood admits to storing some passwords in cleartext
- Hackers breach FSB contractor, expose Tor deanonymization project and more
- Bulgaria's hacked database is now available on hacking forums
- Hackers breach 62 US colleges by exploiting ERP vulnerability
- Slack resets passwords for 1% of its users because of 2015 hack
- Pale Moon says hackers added malware to older browser versions
- A hacker assault left mobile carriers open to network shutdown CNET
- 90% of data breaches in US occur in New York and California TechRepublic