Hackers hit Telecom email again

Telecom is still unable to explain the latest breach of its Yahoo Xtra email service, the third in less than a year.

The company is urgently investigating the latest hacking incident, which took place last Friday. Numerous customers reported receiving spam emails from Xtra email addresses, which contained links to websites selling health supplements.

A total of 87,000 email accounts were compromised in an attack in February last year, with a second, smaller breach in December.

After the first attack, Telecom moved customers from a troubled "bespoke" system on to Yahoo's main email platform.

Telecom has not yet confirmed how many accounts were affected by the latest attack, or how and why the breaches keep happening.

One affected customer tracked the email signatures to find the attacks were coming from European internet service provider Chello, which is frequently used by spammers.

Telecom advised customers who had been affected to change their passwords as soon as possible. But that advice has not helped some users who have been hacked multiple times.

A computer industry source, who did not wish to be named, helped some people strengthen their passwords after they were hacked last time.

But at least one has been compromised again - a feat which should be impossible short of a "brute force" attack using a supercomputer over a local connection, the source said.

"I really struggle to believe that individual accounts are being compromised in this manner and suspect a larger issue is occurring behind the scenes." He also pointed out the potential for abuse of the breached accounts to go much further than irritating spam messages.

"What if the miscreants turned their attention to actually accessing those cracked Xtra accounts and then abused the massive amount of personal information often left on the mail server?"

Fairfax Media