Yahoo!Xtra users locked out again
About 1500 Yahoo!Xtra accounts have been caught up in a fresh cyber attack in the last two days and their email accounts have been frozen until they change their passwords.
Earlier there were concerns hackers may have gleaned passwords and log-ons from customers emails but Telecom spokesperson Jo Jalfon said an old warning had gone up on Telecom's website by mistake.
Yahoo! had assured Telecom there was no evidence the hackers had gained access to anything but contact books so they could continue their spam campaign.
The new attack showed up as an significant upsurge in the 100 or so accounts Yahoo! tagged as "compromised" on any given day.
Affected customers will have to log back in and change their passwords before they can access their accounts.
Their emails would be continue to be received in the meantime, Telecom said.
Jalfon said Telecom had been more proactive about cancelling the passwords of hacked accounts this time because customers had not moved fast enough in a previous spam attack this month.
The attack, which started on February 9, compromised about 87,000 accounts, sending out malicious emails to contacts of the account holder without their knowledge.
More than a third of the telco's 450,000 Yahoo!Xtra customers have since changed their passwords on Telecom's advice.
But none of the newly frozen accounts had changed their passwords, Jalfon said.
"Some of them might be accounts that people just don't use very often, or they could be away on holiday, or overseas," she said.
"There's a whole range of reasons."
Telecom is now reviewing its partnership with Yahoo! but is not expected to reach a conclusion until later next month.
Any talk of compensation had to viewed in the light that people had not been unable to send or receive emails, but had just been inconvenienced, she said.
"The reality is, this sort of issue's never going to go away," Jalfon said.
"Spammers are getting more and more savvy. It's like a cat-and-mouse game - Yahoo! improves their security and spammers look for ways to infiltrate filters.
"The only way to remain vigilant around email is to keep changing your password."
Jalfon said she used to advise people to change their passwords monthly.
"I wouldn't even want to even say that now," she said.
Her other advice was to not use the same password for other online accounts such as Facebook or banking.
- The Dominion Post
What do you make of the proposed conference centre/hotel for Wellington?Related story: Convention centre to get OK