
Sky says it’s resetting customers’ passwords as “good password management practice”

Sky has been getting in touch with some customers to tell them that their account passwords have been reset, but as “good password management practice” rather than as a consequence of anything more sinister.

“At Sky we take the security of customer data and information extremely seriously,” a Sky spokesperson told Trusted Reviews. “We’re resetting passwords for email customers as good password management practice. We’re sorry for any inconvenience caused.”


The company has confirmed that these accounts haven’t been broken into, but the content of the messages that Sky sent to affected customers has provoked some criticism. They weren’t exactly crystal clear.

[Image: the Sky email. Image credit: Graham Cluley]

Further alarm bells were raised by the company addressing users as “Dear Customer” rather than by their own name. As security blogger Graham Cluley points out, there’s no mention of the customer’s Sky ID, account number or postcode, any of which would have offered a greater sense that this wasn’t a general phishing email.

Some users were concerned enough to ignore the email and contact the @SkyHelpTeam on Twitter.

There’s also a clickable link taking customers to their sign-in page. Although the written link spells out the URL, we all know the hyperlink text can say one thing while taking you to another page. Like this, for example.

Earlier this month, in a separate incident, a number of Sky accounts were breached through an attack called ‘credential stuffing’.

“This is where an intruder has obtained a list of usernames and passwords (‘credentials’) from one or more external sources illegitimately. The intruder then runs an automated programme across a range of online services to see if those credentials are still valid. If the credentials match, the intruder can then log in to that account,” said Sky.

Stressing that this incident isn’t related to the mass password reset prompts, it added: “As a precautionary measure those accounts were locked, and customers affected were contacted directly at that time.”
