You may be a customer of sky and got your password reset. Corresponding e-mails, which also indicate that you will receive mail with an activation code, are genuine. According to Sky, it has reason to believe that cybercriminals could have temporarily gained access to customer accounts on sky.de. IT security measures were immediately taken by the company to stop unauthorized access. Furthermore, an investigation has been initiated, customers have been informed and the responsible data protection authorities have been informed.
Sky’s investigation is still ongoing. It is unclear whether these are credential stuffing attacks. A credential stuffing attack is a type of cyber attack in which an attacker attempts to enter credentials stolen from other websites into another website in order to gain access. The attacker uses a list of stolen usernames and passwords to (automatically) log in. If successful, it can use affected users’ accounts to cause harm or steal sensitive information. To protect against a credential stuffing attack, users should use strong and one-time passwords.
According to Sky’s findings so far, the cybercriminals could have temporarily accessed personal data. At the present time, there are no signs of specific misuse of this data, apart from additional subscriptions for some of the affected customers. The criminals never had access to the full payment details, as IBAN/credit card numbers are masked by default to only show the last five digits, according to Sky. Incidentally, those who have not been notified are not affected.
Transparency: This article contains affiliate links. Clicking on it will take you directly to the provider. If you decide to make a purchase there, we will receive a small commission. Nothing changes in the price for you. Partner links have no influence on our reporting.
