YahooXtra email accounts hacked

TOM PULLAR-STRECKER
Last updated 15:24 11/02/2013

Telecom has admitted its outsourced YahooXtra email service has been compromised by hackers, resulting in some YahooXtra customer accounts being hijacked to send out malicious email.

It is advising all YahooXtra customers to change their passwords.

The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control.

"We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge," the company said in a statement.

Telecom said it could not tell how many customers had been affected but it believed it was a small percentage of its approximately 500,000-strong customer base.

Telecom retail boss Chris Quin said it was working with Yahoo to investigate further. "We would like to apologise to all our customers for any distress or inconvenience caused and assure them that we are doing all we can, in conjunction with Yahoo, to resolve this incident."

The chief executive of the Institute of Information Technology Professionals, Paul Matthews, had earlier described Telecom's initial explanation of the cause of the rogue emails as "demonstrably wrong".

Telecom first said neither it nor its outsourced email provider YahooXtra was responsible for the massive malware attack that began over the weekend.

Many internet users have received rogue emails from friends and colleagues who are YahooXtra customers, containing links to websites that are designed to infect their computers with malware.

Telecom initially said a sophisticated phishing attack on its customers, rather than any breach of YahooXtra's own security, appeared to be responsible.

But IITP boss Paul Matthews said Yahoo had been subject to a well-documented attack.

Matthews said the institute was aware Yahoo had been subject to a major cross-site scripting (XSS) attack over the last few weeks which it said had been patched a few days ago.

"We've received notes from many of our members who have encountered this and the subsequent Xtra issues on client sites.

"Given the nature of these emails - sent indisputably to Xtra contact lists, in some cases to people who haven't been in contact for a long time and others very recently - it's highly likely that either the issue wasn't patched successfully, a new attack vector has been found or more likely, contact lists have been harvested during the initial attack to enable this secondary attack on Xtra email holders.

"According to security sources, this original attack appears to have been due to a vulnerability in the Yahoo Developers Network, due to blog software that hadn't been updated for at least nine months. The fact that there was an XSS vulnerability at Yahoo has been known since at least November," he said.

"So assuming this is the cause of the attack, it would appear to be due to a vulnerability at Yahoo and very difficult for users to avoid. This is a major attack and appears unrelated to any of the standard 'from Xtra account services' phishing emails which are regularly circulated."

One victim, YahooXtra customer Michael Beckett, said scam emails were sent from his email address while his computer was turned off and he was out on a boat.

"I went to change my password, but that kept on crashing and when I went to delete my contact lists - which is what the hack had programmed their malware to exploit - I couldn't delete the addresses."

- The Dominion Post
