Around six million Sky internet routers were vulnerable to hackers due to a significant software bug, a security company has revealed.
Although the problem has now been fixed it took Sky 18 months to address the issue, according to researchers.
Anyone who had not changed the router's default admin password could have been affected.
The flaw in software code, found by researcher Raf Fini, from Pen Test Partners, could have allowed hackers to take over home networks, and reconfigure a home router by directing the user to a scam website via a phishing email.
Routers with the flaw left people's home network exposed to the internet, allowing direct access to computers and devices.
Hackers would then be able to "take over someone's online life", stealing passwords for banking and other websites, Pen Test Partner's Ken Munro told the BBC.
Read more: Ebay's top predictions for Black Friday 2021
There was no evidence the flaw had been exploited but it was difficult to understand the delay fixing it, he said.
"While the coronavirus pandemic put many internet service providers under pressure, as people moved to working from home, taking well over a year to fix an easily exploited security flaw simply isn't acceptable," he said.
Sky said an update on such a large scale took time.
"We take the safety and security of our customers very seriously," Sky said.
"After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products."
Customers with affected routers can now request for it to be replaced for free.
Pen Test Partners criticised the internet provider for failing to "prioritise fixing the issue, taking nearly 18 months to fully resolve it, failing to meet numerous deadlines they set themselves".
In May, consumer group Which? warned the millions of routers in the UK had missed several years of critical security updates, making them vulnerable to exploitation by hackers.
Anyone with a router should change the default password, advised Munro.
The affected models were:
Sky Hub 3 (ER110)
Sky Hub 3.5 (ER115)
Booster 3 (EE120)
Sky Hub (SR101)
Sky Hub 4 (SR203)
Booster 4 (SE210)
The last two devices on the list came with a randomly generated admin password, which would have made it harder for a hacker to exploit.
In addition, around 1% of routers issued by Sky are not made by the company itself.