Email raid sparks call to dump Yahoo

Last updated 05:00 04/12/2013

Relevant offers


Pound falls to 30-year low against US dollar amid anti-global sentiment Maersk shipping line changes NZ route Revamped Smith's City pushes into profitable Auckland International hotel Sofitel Wellington fights $350k development fee - and succeeds Taranaki engineers need to 'get creative' to survive Fiat Chrysler accused of concealing defect in Jeep Grand Cherokee Countdown harnessing the skills of older workers Duncan Garner: Tax the tourist tsunami and give us citizens a break APN settles New Zealand tax dispute with Inland Revenue Trade Me says online gun auctions are safe, as police union calls for an end to sales

Telecom should drop Yahoo as its email provider after hackers again seized control of thousands of YahooXtra email accounts, Telecommunications Users Association chief executive Paul Brislen says.

Telecom said more of its 450,000 YahooXtra account-holders had their accounts compromised by hackers overnight on Monday, following a raid that started over the weekend.

Telecom spokeswoman Lucy Fullarton refused to estimate how many customers had their accounts hijacked and used to send out malware-infested spam. But Brislen said that, based on the number of complaints he received, the problem seemed quite widespread.

Yahoo has been locking YahooXtra customers out of their accounts, once it has detected infiltration, until they change their passwords. Fullarton said it was continuing to investigate the root cause of the issue.

Telecom outsourced its email service to Yahoo in 2007 and reviewed the partnership earlier this year after 87,000 accounts were compromised in a February attack.

As a result, Telecom decided to move customers from a troubled "bespoke" system operated by Yahoo, on to Yahoo's main email platform. Telecom retail chief executive Chris Quin said in April he was confident that would make the service more reliable. Telecom said in September that the migration had begun and would take a few months.

However, Telecom and Yahoo have both refused to provide any assurances that this week's problems have not affected customers on the new platform, instead denying that the migration was intended to prevent such attacks.

Brislen said that was not his recollection.

"If this is happening to people who should be secure, post ‘the fix', that is a real concern. This is the third big outbreak. I don't see any way for Telecom to continue using Yahoo as a provider. It comes down to ‘thanks guys, you tried your best and it is not good enough'," he said.

Fullarton said cyber-crime was a "global issue".

But Brislen said he was not aware of similar scale attacks affecting non-Yahoo customers. "It seems to be a Yahoo problem and one that they are apparently not treating with the respect it deserves. Instead we have got more spam going out and yet more customers being told to change their passwords one more time."

Yahoo said it took security very seriously and invested heavily in measures to protect its users and their information. Once it became aware of the attack, it worked with Telecom and moved quickly to escalate the issue.

The switch to the new platform had helped Yahoo reduce the impact of attacks, as it was able to "move more quickly to activate and deploy Yahoo global resources and technologies", it said.

Ad Feedback

Telecom customers can switch to other free email services such as Gmail without taking their other business elsewhere, and many are understood to have done that during the past few years.

Vodafone spokesman Brad Pogson said it had not observed a spike in broadband sign-ups as a result of the YahooXtra security issue, but numbers fluctuated each month so it was hard to attribute any gain to one thing.


How do I know if my account has been hacked? Friends may tell you they have received spam from your address with links to dodgy webpages. Or you might be locked out of your email account.

What do I need to do then? You will need to change the password to your Xtra account. Go to Telecom's website, look for the email service status page and follow the instructions. Don't trust emailed instructions as they may themselves be scams.

What if I have clicked on a link in one of those spam emails? Run a full scan using anti-virus software. Microsoft Security Essentials can be downloaded online for free. Malwarebytes is another excellent free programme.

- BusinessDay

Special offers

Featured Promotions

Sponsored Content