BT investigates Yahoo hack, tells BT Yahoo mail users to reset passwords

Graham Cluley

BT investigating Yahoo hack, tells BT Yahoo mail customers to reset passwords

BT investigating Yahoo hack, tells BT Yahoo mail customers to reset passwords

Back in the old days (pre-2014) BT’s internet customers could take advantage of an email system provided by Yahoo. They imaginatively called it BT Yahoo Mail.

In May 2013, BT announced it would start shifting its customers to a new system. The news was welcomed as there had been many complaints from users saying that their BT Yahoo Mail accounts had been compromised and used to send out spam messages.

Now, in 2016, we hear that Yahoo was massively hacked two years ago and that at least 500 million customer records have been stolen.

So, does that mean users of BT Yahoo Mail are at risk too?

Right now, BT isn’t sure.

Here’s the statement they gave me:

“BT is currently investigating the Yahoo data breach. As a precaution for the minority of our customers who use Yahoo mail, we are advising those who haven’t changed their passwords post-December 2014 to change them.”

I would recommend going further than changing your Yahoo passwords if you haven’t reset it since late 2014. You should also ensure that you are not using the same password anywhere else on the web (password reuse is a cardinal sin) and that you have enabled two-step verification on as many of your online accounts as you can.

Furthermore, because Yahoo has admitted that security questions and answers have also been grabbed by the hackers, you should be careful to ensure that they don’t also come back to haunt you. It’s easy to imagine how a hacker could – perhaps with a little dab of social engineering – try to use the answers to secret questions to trick other online services into providing them access to accounts.

It doesn’t appear that the Yahoo hack has exposed 500 million passwords thank goodness. But it still makes sense to take precautions.

Read more about two-step verification:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

5 Replies to “BT investigates Yahoo hack, tells BT Yahoo mail users to reset passwords”

  1. … Again …

    1) Don't reuse passwords
    2) The "security questions" you give them, are actually an alternative password. Don't reuse those either. I give a different "mother's maiden name" each time I'm asked for that.

    1. To change your password, log into your Yahoo account. Then click on your name at the top right of the page. In the box that appears, click on "Account Info". On the left side of the page that this takes you to (it may be in a new tab) click on "Account security". You will see the "Change password" option.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES