Xtra emails hacked again

02:46, Feb 27 2013

Xtra accounts have again been hijacked to send out malware-infected emails, but Telecom has retracted a warning that hackers may have gleaned passwords and logons from customers' emails.

Spokeswoman Jo Jalfon said the password warning published on its website this morning was a "mistake" and that outsourced email provider Yahoo had advised Telecom there was no evidence that anything other than customers' contact lists had been hacked.

Telecom said this morning that after a "further investigation of spam issues" it found some customer email accounts were still being used to send malware-infected emails.

At the time, it warned that Yahoo, which runs the email service for Telecom, had been unable to confirm whether hackers might have accessed "personal information" from within emails, such as logon details and passwords, and advised anyone with concerns to change all their logons and passwords.

Earlier this month, Telecom reported that more than 80,000 Xtra customers had had their email accounts compromised because of a security hole at Yahoo, but chief executive Simon Moutter had said on Friday there was no evidence of continuing problems.

Telecom said this morning it had identified the people whose accounts were newly-known to be compromised and taken "preventative action" by locking their accounts.


It has so far not disclosed how many accounts were involved or whether they included people who had responded to requests to change their passwords after details of the original attack became known.

Jalfon said Telecom was investigating how the incorrect warning was published on its website but it was "probably an oversight during a very busy period".

Compromised accounts were a "daily occurrence globally" for email providers, she said. 


Contact Tom Pullar-Strecker
Technology reporter
Email: tom.pullar-strecker@dompost.co.nz
Twitter: @PullarStrecker

The Dominion Post