Bigger issue to Yahoo Xtra email breaches
Repeated breaches of Telecom's Yahoo Xtra email service point to a bigger issue behind the scenes, a computer expert says.
Telecom is still investigating the latest incident, with customers complaining of what appeared to be a third breach of the email network late last week.
Numerous readers reported receiving spam emails from Xtra email addresses which contained links to other websites.
Telecom has been unable to confirm how many accounts were affected, or how and why the breaches keep happening.
One affected customer tracked the email signatures to find the attacks were coming from European ISP Chello, which is frequently used by spammers.
Telecom advised customers who had been affected to change their passwords as soon as possible.
However, that advice has not helped some users who have been hacked multiple times.
A computer industry source, who did not wish to be named, helped some people strengthen their passwords after they were hacked last time.
But at least one has been compromised again – a feat which should be impossible short of a "brute force" attack using a supercomputer over a local connection, the source said.
"I really struggle to believe that individual accounts are being compromised in this manner and suspect a larger issue is occurring behind the scenes," the source said.
He also pointed out the potential for abuse of the breached accounts to go much further than irritating spam messages.
"What if the miscreants turned their attention to actually accessing those cracked Xtra accounts and then abused the massive amount of personal information often left on the mail server?"
That could include the likes of names, addresses, photos, credit card details and personal correspondence.
Telecom says it hopes to have an update on the breach today.
A total of 87,000 email accounts were compromised in an attack in February last year, with a second, smaller breach following in December.
After the first attack, Telecom decided to move customers from a troubled "bespoke" system operated by Yahoo onto Yahoo's main email platform.
- © Fairfax NZ News