Six million Sky broadband customers exposed to flaw that could let hackers steal bank info

19 November 2021, 15:55

Around six million Sky broadband customers were exposed to a security hack.
Around six million Sky broadband customers were exposed to a security hack. Picture: Alamy

By Sophie Barnett

Around six million Sky broadband customers were exposed to a security flaw that would have allowed hackers to "control millions of hubs for 18 months", a security company has warned.

Listen to this article

Loading audio...

The flaw has been fixed, but the security researchers said it took Sky nearly 18 months to fix the problem.

The bug was uncovered by the security group Pen Test Partners, who said it affected users who had not changed the router's default admin password.

As this is simple and easy to guess, hackers could easily reconfigure the router and take over a network, just by directing the user to a malicious network.

This could then give hackers access to sensitive information including log-in details for online banking.

According to the researchers, the affected router models were: Sky Hub 3 (ER110), Sky Hub 3.5 (ER115), Booster 3 (EE120), Sky Hub (SR101), Sky Hub (SR203), and the Booster 4 (SE210).

Sky said it had begun working to fix the problem as soon as it was made aware of it and it took the security of its customers "very seriously".

Cyber security expert explains what is behind the twitter hack

Pen Test Partners said there was no evidence the flaw had been exploited, but criticised Sky for the time it took to fix the issue.

It claimed the internet service provider had repeatedly pushed back deadlines it had set to fix the problem.

A spokesman for Sky said: "We take the safety and security of our customers very seriously.

"After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky manufactured products."

The initial delay to the time it took for Sky to fix the problem was put down to the coronavirus pandemic, researchers said.

It also said it did not want to disrupt the "vastly increased network loading as working from home became the new norm".

But researchers were concerned by the speed - and time it took - for the company to respond, saying they believed Sky "did not give the patch the priority their customers deserved".

If you have a broadband router mentioned above, the research company has advised you change the passwords on it from the default ones set.

More Latest News

See more More Latest News

A police cordon blocking the inside lane of the northbound carriageway on the M1 motorway near Bucknalls Lane overpass in Hertfordshire, where a man's body was found by road workers on Monday.

Horror crash sees M1 closed 'in both directions' with emergency services including air ambulance in attendance

Bruce Springsteen performs on stage

First look at upcoming Bruce Springsteen biopic starring Jeremy Allen White divides fans

Liz Kendall, Work and Pensions Secretary and Labour MP for Leicester West spoke to LBC's Tom Swarbrick.

Liz Kendall unable to say how much the changes in the Welfare Bill announced today will end up costing

Exclusive
Brexit has unleashed ‘backstreet medicine’ across Britain, warns leading pharmacist

Brexit has unleashed ‘backstreet medicine’ across Britain, warns leading pharmacist

The record breaking ticket was bought in Munster. It is still unclaimed

'Have a cup of tea and let it sink in': Lottery bosses message to record Euromillions winner as prize yet unclaimed

Exclusive
Joe and his friends found the fraudulent listing on RightMove and OpenRent.

‘We lost £5,000 in a rental fraud scam and now we’re facing homelessness’

Ruth Jones and husband David Peet split up after 26 years. he is now in a new relationship in Canada

Gavin and Stacey star Ruth Jones splits from husband after 26 years

Iran's supreme leader has hit back at Trump.

'Nobody knows what I'm gonna do': Trump's cryptic message as Iran brands claims of Washington talks 'despicable lies'

The Adalynn and Front Eagle tankers collided and caught on fire on Tuesday close to the Strait of Hormuz.

Navigational mistake led to oil tanker collision near Strait of Hormuz, says UAE official

Marine experts are set to bring the stricken Bayesian to the surface

Tech tycoon Mike Lynch's sunken superyacht to be raised from the seabed this weekend

Police officers stand next to a restaurant as people protest against overtourism in the Balearic island of Mallorca

Spain: Brits warned of tough rules for holidaying this summer

The Home Office UK Visas & Immigration Office at Lunar House in Croydon, London, UK.

Home Office tells children, aged 11 and eight, they must return to Brazil without parents or face being 'detained'

Yvonne Ford, 59, from Barnsley.

Pictured: Brit grandmother who died from rabies after being scratched by puppy as family issues stark warning

The 35-year-old received the news after earning his biggest win in two years, which also helped him reclaim a spot in the world's top 200 rankings

Dan Evans handed Wimbledon wildcard after stunning win over world No.13 Frances Tiafoe

How Iran could hit back: The growing threat to Western bases as Israeli strikes on Tehran escalate

How Iran could hit back: The growing threat to Western bases as Israeli strikes on Tehran escalate

Jennifer Abbot, 69, was discovered stabbed to death in her Camden home

Manhunt as police search for suspect after woman, 69, stabbed to death in home over 'diamond-encrusted Rolex'