BT investigates Yahoo hack, tells BT Yahoo mail users to reset passwords

Change your password, enable two-step verification.

BT investigating Yahoo hack, tells BT Yahoo mail customers to reset passwords

Back in the old days (pre-2014) BT's internet customers could take advantage of an email system provided by Yahoo. They imaginatively called it BT Yahoo Mail.

In May 2013, BT announced it would start shifting its customers to a new system. The news was welcomed as there had been many complaints from users saying that their BT Yahoo Mail accounts had been compromised and used to send out spam messages.

Now, in 2016, we hear that Yahoo was massively hacked two years ago and that at least 500 million customer records have been stolen.

So, does that mean users of BT Yahoo Mail are at risk too?

Right now, BT isn't sure.

Here's the statement they gave me:

"BT is currently investigating the Yahoo data breach. As a precaution for the minority of our customers who use Yahoo mail, we are advising those who haven't changed their passwords post-December 2014 to change them."

I would recommend going further than changing your Yahoo passwords if you haven't reset it since late 2014. You should also ensure that you are not using the same password anywhere else on the web (password reuse is a cardinal sin) and that you have enabled two-step verification on as many of your online accounts as you can.

Furthermore, because Yahoo has admitted that security questions and answers have also been grabbed by the hackers, you should be careful to ensure that they don't also come back to haunt you. It's easy to imagine how a hacker could - perhaps with a little dab of social engineering - try to use the answers to secret questions to trick other online services into providing them access to accounts.

It doesn't appear that the Yahoo hack has exposed 500 million passwords thank goodness. But it still makes sense to take precautions.

Tags: , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Listen now

Subscribe to the free GCHQ newsletter

, ,

5 Responses

  1. drsolly

    September 23, 2016 at 8:00 pm #

    … Again …

    1) Don't reuse passwords
    2) The "security questions" you give them, are actually an alternative password. Don't reuse those either. I give a different "mother's maiden name" each time I'm asked for that.

  2. Sysonya Wright

    September 23, 2016 at 10:34 pm #

    how do I Change my password?

    • Romeo Tibay in reply to Sysonya Wright.

      September 23, 2016 at 11:46 pm #

      how do I change my password

    • Paddleless in reply to Sysonya Wright.

      September 24, 2016 at 1:34 pm #

      To change your password, log into your Yahoo account. Then click on your name at the top right of the page. In the box that appears, click on "Account Info". On the left side of the page that this takes you to (it may be in a new tab) click on "Account security". You will see the "Change password" option.

  3. Troy Whitney

    September 25, 2016 at 4:38 pm #

    how do I change my password

Leave a Reply