Sky has denied suffering a significant network breach and putting customer data at risk, despite CyberNews researchers finding a configuration file apparently listing database access credentials on a publicly available domain.
CyberNews reported the issue to Sky, who quickly removed the configuration file from its location.
Database not found as Sky says incident had no impact
Sky said it acted quickly to remove the file in question and that customer data wasn’t compromised at any time. Sky also said the incident had led to no broader impact on its data or systems.
One other potential cause for concern is that while researchers could find the file, they couldn’t find the database itself. This raised concerns that it had already been stolen, although Sky has not commented further.
The CyberNews researchers who identified the leak told Tech Radar, “There’s no way to tell what data is being stored on the production server. With that said, exposed configuration files can serve as quick infiltration shortcuts for ransomware groups that could take a company’s servers and data hostage.”
Next steps for Sky
At present, there doesn’t appear to be any further danger facing Sky, although the incident itself undoubtedly remains a concern. At the same time, only Sky knows what data was held in the files in question, and the company themselves may not know whether it was accessed by anyone who may have sinister intentions.
Sky doesn’t seem to be treating this as a regular type of data breach, and thus has not reported anything to the Information Commissioner’s Office (ICO).
Do Sky customers need to worry?
Given what we know, Sky customers have no specific reason to be alarmed at this incident.
However, reviewing your online security is never a bad idea. As a minimum, it’s worth:
- Changing your Sky password
- Changing any other passwords that are the same as your Sky password
- Setting up Two Factor Authentication (2FA) on your Sky email account if you use one
- Adding 2FA to the accounts that previously had the same password as your Sky account to be extra safe
If a breach has occurred and your data is exposed, contact us
If it later becomes clear that a significant data breach did occur on the back of this or another incident, and your personal details were subsequently exposed, you could be entitled to compensation. Contact LawPlus here for a free, no-obligation assessment of your potential claim.