BT and Sky broadband customers could also be affected by the Yahoo hack that exposed half a billion user accounts.
Both businesses outsourced their webmail hosting to the tech giant, which has fallen prey to the largest known cyber-breach in history.
While all of Sky’s email addresses are managed by Yahoo, BT stopped using the Californian firm’s hosting several years ago.
The internet service providers (ISPs) are encouraging users to change their passwords following the breach, but said that not all customers would be affected.
Sky launched a help page and confirmed that it was emailing all customers to suggest they change their passwords.
The broadcaster and broadband provider said in a statement:
“Overnight Yahoo! announced that a copy of certain user account information was stolen from its company’s network in late 2014. Yahoo! is the provider of Sky.com email accounts. In line with their advice, we are encouraging sky.com email holders to change their passwords and security questions.”
The company had roughly 2.5m Sky.com email account holders at the time of the hack in 2014. However, a source said Yahoo had told Sky that “significantly fewer” than those 2.5m accounts were exposed in the hack.
According to BT, a minority of its 7m accounts nationwide are still managed by Yahoo. It did not elaborate on how many customers would be affected.
A spokesperson said: “We advise customers generally to reset their password regularly and we will be contacting affected customers specifically to help them keep their information safe.”
BT’s help page says: “If you haven’t changed your password since 2014 we recommend you change it now.”
BT customers can check to see if their email address was hosted by Yahoo using this tool on BT’s website. Broadband customers may have addresses ending in @btinternet.com, @btopenworld.com or @talk21.com.
Names, phone numbers, dates of birth, email addresses, unencrypted security questions and answers and encrypted passwords were all revealed in the attack, Yahoo said.
Credit card data was not exposed. Users are urged to change the security answers and passwords to any other accounts where they have been used.
To find out how to secure your account read: