Telecom is urged to quit Yahoo

Telecom should drop Yahoo as its email provider after hackers again seized control of thousands of YahooXtra email accounts, Telecommunications Users' Association chief executive Paul Brislen says.

Telecom said more of its 450,000 YahooXtra account-holders had their accounts compromised by hackers overnight on Monday, after a raid that started over the weekend.

Telecom spokeswoman Lucy Fullarton refused to estimate how many customers had their accounts hijacked and used to send out malware-infested spam. But Brislen said that, based on the number of complaints he received, the problem seemed quite widespread.

Yahoo has been locking YahooXtra customers out of their accounts, once it has detected infiltration, until they change their passwords.

Fullarton said it was continuing to investigate the cause of the issue.

Telecom outsourced its email service to Yahoo in 2007 and reviewed the partnership earlier this year after 87,000 accounts were compromised in a February attack. As a result, Telecom decided to move customers from a troubled "bespoke" system operated by Yahoo, on to Yahoo's main email platform.

Telecom retail chief executive Chris Quin said in April he was confident that would make the service more reliable. Telecom said in September that the migration had begun and would take a few months to complete.

But, Telecom and Yahoo have both refused to provide assurances that this week's problems have not affected customers on the new platform, instead denying that the migration was intended to prevent such attacks.

Brislen said that was not his recollection. "If this is happening to people who should be secure, post 'the fix', that is a real concern. This is the third big outbreak. I don't see any way for Telecom to continue using Yahoo as a provider. It comes down to 'thanks guys, you tried your best and it is not good enough' ."

Fullarton said cyber-crime was a "global issue".

But Brislen said he was not aware of similar scale attacks affecting non-Yahoo customers.

"It seems to be a Yahoo problem and one that they are apparently not treating with the respect it deserves. Instead we have got more spam going out and yet more customers being told to change their passwords one more time."

Yahoo said it took security seriously and invested heavily in measures to protect its users and their information. Once it became aware of the attack, it worked with Telecom and moved quickly to escalate the issue.

The switch to the new platform had helped Yahoo reduce the impact of attacks, as it was able to "move more quickly to activate and deploy Yahoo global resources and technologies", it said. Fairfax NZ

Taranaki Daily News