Six million Sky broadband customers exposed to flaw that could let hackers steal bank info

19 November 2021, 15:55

Around six million Sky broadband customers were exposed to a security hack.
Around six million Sky broadband customers were exposed to a security hack. Picture: Alamy

By Sophie Barnett

Around six million Sky broadband customers were exposed to a security flaw that would have allowed hackers to "control millions of hubs for 18 months", a security company has warned.

Listen to this article

Loading audio...

The flaw has been fixed, but the security researchers said it took Sky nearly 18 months to fix the problem.

The bug was uncovered by the security group Pen Test Partners, who said it affected users who had not changed the router's default admin password.

As this is simple and easy to guess, hackers could easily reconfigure the router and take over a network, just by directing the user to a malicious network.

This could then give hackers access to sensitive information including log-in details for online banking.

According to the researchers, the affected router models were: Sky Hub 3 (ER110), Sky Hub 3.5 (ER115), Booster 3 (EE120), Sky Hub (SR101), Sky Hub (SR203), and the Booster 4 (SE210).

Sky said it had begun working to fix the problem as soon as it was made aware of it and it took the security of its customers "very seriously".

Cyber security expert explains what is behind the twitter hack

Pen Test Partners said there was no evidence the flaw had been exploited, but criticised Sky for the time it took to fix the issue.

It claimed the internet service provider had repeatedly pushed back deadlines it had set to fix the problem.

A spokesman for Sky said: "We take the safety and security of our customers very seriously.

"After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky manufactured products."

The initial delay to the time it took for Sky to fix the problem was put down to the coronavirus pandemic, researchers said.

It also said it did not want to disrupt the "vastly increased network loading as working from home became the new norm".

But researchers were concerned by the speed - and time it took - for the company to respond, saying they believed Sky "did not give the patch the priority their customers deserved".

If you have a broadband router mentioned above, the research company has advised you change the passwords on it from the default ones set.

More Latest News

See more More Latest News

RMS Titanic

Violin played to passengers in Titanic blockbuster film goes up for auction with £60,000 price tag

Jean-Claude Van Damme

Jean-Claude Van Damme accused of having sex with five trafficked women at showbiz party

Shocking analysis shows waiting times for larger social homes exceeds 100 years

Shock analysis shows waiting lists for larger social homes now exceeds 100 years

Virginia Roberts Giuffre, with a photo of herself as a teen, when she says she was abused by Jeffrey Epstein, Ghislaine Maxwell and Prince Andrew, among others. (Emily Michot/Miami Herald/TNS) Photo via Credit: Newscom/Alamy Live News

Prince Andrew accuser Virginia Giuffre's Australian court case adjourned after 'breaching restraining order'

Universal has confirmed it's opening its first European theme park in Bedfordshire

Universal theme park set to open in Bedfordshire in 2031 in multi-billion pound boost for economy

Serial Killer Conviction Prompts Police To Warn Of Dating App Dangers

Paedophiles targeting single mums on dating apps in order to exploit their children

Exclusive
Sir Steve Redgrave has called for an urgent cleanup of the River Thames

Sir Steve Redgrave calls for clean-up of River Thames ahead of Oxford-Cambridge boat race

Glenn Armstrong bombarded the woman with unwanted messages prior to breaking into her Spennymoor home at around 4am on Thursday, January 2.

Stalker who bombarded ex with messages jailed for breaking into her home - after police find him at top of stairs with knife

Barry Dawson, 60, was killed after being shot through his front window, police have said

'Popular' County Durham dad, 60, was 'shot through his front window', police confirm

Esme Baker, 10, and her father, Lee Baker, 48, were killed in the fire

Fire at caravan park that killed father, 48, and daughter, 10, was 'accidental', investigation finds

Gladiators star Zack George, known as Steel, has revealed that his baby son has died.

Gladiators star reveals heartbreaking loss as baby boy dies days after being born prematurely

Boy, 15, and girl, 13, guilty of manslaughter following the death of Leicester pensioner Bhim Kohli

Bhim Kohli's teenage killers 'humiliated' pensioner in 'brutal and cruel' attack, says heartbroken daughter

Close up of a Police logo on a police officers uniform in Leeds,WEst Yorkshire,UK

Norwegian teenager arrested after being caught with guns in Yorkshire hotel room

x

UK should not 'jump in with both feet' to retaliate against Trump trade tariffs, PM urges

Wahib

'Jealous and controlling husband' who tried to cut wife's head off before leaving her to bleed to death jailed for life

Ashbourne Derbyshire England UK.

Two dead after aircraft crash in Derbyshire, as police tell public to avoid the area