Yahoo, Xtra emails hacked
Marlborough Yahoo and Xtra email users were among the hundreds who had their accounts hacked at the weekend in a massive malware attack.
Telecom were advising customers yesterday to change their passwords and not open suspicious mail.
Internet users around the country received rogue emails from friends and colleagues who were YahooXtra customers, containing links to websites designed to infect their computers.
Recipients of the emails included Marlborough Express staff, the Marlborough Primary Health Organisation, police, Roselands Pets and Plants and many private email users.
PC Media director Lee Harper said he had received almost 200 emails by yesterday morning, from people who had been caught out by the scam. About 20 clients who had been affected by the scam had contacted him on Sunday.
The scam was "very embarrassing" for provider Telecom, he said.
"Xtra's service has been very unreliable of late and this security breach is a further embarrassment for them."
The scam had been widespread because it had tricked users by including the sender's name at the bottom of the message, he said.
"It was quite clever . . . the worrying thing is they [hackers] could be harvesting the email addresses presumably for future spamming."
Telecom admitted yesterday that its outsourced YahooXtra email service had been compromised by hackers, rather than the security of individual customers, as it had initially stated.
"We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge."
Telecom could not tell how many customers had been affected but believed it was a small percentage of its approximately 500,000-strong customer base.
Despite Telecom advising the issue had been fixed by 1am Sunday morning, spam emails continued to circulate yesterday.
Mr Harper said people should ensure their passwords are complex and include a combination of letters and numbers to reduce the chances of becoming a victim of a phishing scam.
Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by masquerading as a trustworthy person.
Hackers fish for accounts by creating programs to dig through email accounts, firing passwords until one hits.
An email address such as Joe.Brown@xtra.co.nz with an easy-to-guess password such as 12345 has a much higher chance of being hacked than one with an obscure password.
If the security breach is at the internet service provider's end, which holds its customers' details, there is nothing a customer can do.
Protect yourself with a complex, long password, with a combination of letters and numbers.
- The Marlborough Express