Telecom has this afternoon issued a fresh security warning over its YahooXtra email service, hosted by Yahoo.
Yahoo has advised us that it is experiencing an email security threat, which we have reason to believe may have compromised some Yahoo Xtra email customers’ accounts. It appears that as a result of this threat, attempts at unauthorised access of users’ email accounts have been made.
At this stage we have no evidence that this account information has been used and customers have not reported any issues. However, as a preventative measure, Yahoo will be blocking those accounts that they have identified as compromised until the customer resets their password – and so re-secures their account.
Customers whose accounts have been blocked and who want guidance on how to reset their passwords can find it at www.telecom.co.nz/emailpasswordchange.
Asked if it was a case of Yahoo accounts being directly hacked or customers foolishly clicking on "phishing" links in spam emails, a Telecom spokeswoman told NBR, "it is a case of accounts being compromised, rather than the ‘spoofing’ of addresses phishing for information that we saw earlier this month. It is obviously wider than Xtra customers, or NZ. We don’t have confirmed numbers of those affected –Yahoo is still investigating it."
Over the Christmas holidays, there was a renewed outbreak of YahooXtra spam messages. A Telecom spokeswoman told NBR on January 12 that the company had received serveral spam complaints from users, but had not gauged the scale of the issue. Telecom Retail CEO Chris Quin told NBR after the early January spam issue, "Its important people understand nothing went wrong with the service this month, it just got attacked with spoof emails."
After around tens of thousands of accounts were compromised in February 2013, Telecom reviewed its relationship with Yahoo, but ultimately decided to maintain the relationship. Telecom said a survey found its customers wanted web mail, and that Yahoo would implent stricter security measures.