Tech

Credentials stuffing attack prompts password resets for Sky customers

British telco has locked Sky iD accounts as a safety measure following a credential stuffing attack last month.

Written by Catalin Cimpanu, Contributor July 24, 2019 at 9:35 p.m. PT

See als

10 dangerous app vulnerabilities to watch out for (free PDF)

British telco Sky has locked Sky.com iD accounts as a safety measure following a credentials stuffing attack detected last month.

The measure was taken as a precaution, the company told ZDNet via email.

Hackers accessed some Sky.com email accounts following last month's credentials stuffing attack, but those users had their accounts locked and were notified at the time.

The Sky.com accounts that have been locked yesterday have not been breached, the company told us.

Instead, Sky said they were locking accounts and prompting users to reset their passwords "as [a] good password management practice."

Customers are being notified via email, asked to visit a page on the company's site, where they're asked to call a phone number where an automate system will unlock their accounts, and then go through a series of steps to reset their Sky iD account passwords.

@SkyHelpTeam Hi, received this email from sky, Is this legit? pic.twitter.com/yXNOSjDVY7
— Dougie (@dougiethebear) July 24, 2019

Depending on when a Sky user has received an email notification from the company, they can tell if their account has been accessed by hackers, or not.

Credential stuffing attacks are when hackers use username and password combinations that have been made public through security breaches at other companies, and use them to gain access to accounts on other services, hoping that users had reused passwords across accounts.

These types of attacks have been growing in frequency at an alarming rate since last year.

Companies like ad blocker AdGuard, banking giant HSBC, social media site Reddit, video sharing portal DailyMotion, delivery service Deliveroo, enterprise tool Basecamp, restaurant chain Dunkin' Donuts, and tax filing service TurboTax have all publicly acknowledged being on the receiving end of credential stuffing attacks, where hackers had gained access to some accounts.