Yahoo finds another 1500 compromised Telecom Xtra accounts

That mysterious error message. Click to zoom.

UPDATE: A curious coda to today's Yahoo Xtra developments. A colleague at NBR got the above right error message about Yahoo Xtra being down for maintenance when he tried to check for new messages on his personal Yahoo Xtra account.

The error message persisted for several minutes. When he tried again this evening, he was able to get in.

I sent a copy of the error message to Telecom. 

A spokeswoman replied: "We believe its a spoof as we sent some test messages which worked and Yahoo would advise us of any work which they have not."

Don't know about that one. If it was sent by a random person I would wonder if it was faked too. But it arrived from a someone I know at work, who's a serious-minded guy just annoyed he couldn't access his email (and the screen grab above is a crop of a larger screen shot).

And "spoofing" in the technical sense (one programme masquerading as another) makes no sense, given the account worked normally a few minutes later.

It sounds like there's probably a more common-or-garden explanation: more poor communication. Perhaps Yahoo failed to let Telecom know a scheduled outage was taking place - not good at a time when Telecom is formally reviewing its email options.


Another 1500 Telecom customers using its Yahoo Xtra email service have potentially "compromised accounts."

Passwords on all 1500 accounts have been summarily cancelled by Telecom. As with previous cancellations, customers are issued with a temporary password then asked to head online, or phone, to reset their account.

Telecom attempted to draw a line under its latest Yahoo Xtra problems on February 22 with a statement headed Telecom Customers no Longer Compromised Following Cyber Attack. It said passwords on all 65,000 affected accounts have been changed (passwords were also cancelled on a number of inactive accounts, taking the total number number of compromised accounts to 87,000).

But in comments after NBR ONLINE stories, and elsewhere, people continued to complain about a heavy number of spam messages from Yahoo Xtra accounts.

Today, Telecom said it has been alerted by Yahoo of 1500 potentially compromised accounts - up from the usually number of around 100 (Telecom has around 450,000 broadband customers in total). 

Accounts can be compromised when a person sends on a malicious link in an email sent by a "phisher", or within an email from a person they know who has already been compromised.

But some, including government-funded NetSafe and the Institute of IT Professionals NZ, are more worried about the separate, direct security breach of Yahoo's mail servers, which happened at the same time as the February 9 phishing attack upsurge. This mail server breach could have lead to address books and email being downloaded for use in a future attack.

On this point, said today "Yahoo continues to assure Telecom that there has been no evidence that email accounts have been accessed for any other reason than to send spam."

Telecom did not immediately respond in detail on the question of whether the 1500 potentially compromised accounts revealed today could be traced back to the February 9 attack.

"It’s pretty clear that we will never see the end of these types of incidents given the global nature of spam and the increasingly sophisticated tactics of spammers and cyber criminals," a spokeswoman told NBR ONLINE.

ckeall@nbr.co.nz

This article is tagged with the following keywords. Find out more about My Tags

Post Comment

4 Comments & Questions

Commenter icon key: Subscriber Verified

After the possum in headlights initial response, it is at least great to see Telecom dealing with this much more proactively and openly.

Reply
Share

Didn't even see the headlights. Telecom did nothing to tell me my account had been hacked. It took someone from my contact list to ring Telecom and ask them if it had been done. Com' on Telecom, get your act
together :(

Reply
Share

Why doesn't Telecom look after their own mail server?

Reply
Share

I got the same mysterious error last night. I got paranoid and changed my password immediately. It was a relief after a few minutes it went back.

Reply
Share

Post New comment or question

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

NZ Market Snapshot

Forex

Sym Price Change
USD 0.7878 -0.0004 -0.05%
AUD 0.9091 0.0005 0.06%
EUR 0.6356 -0.0003 -0.05%
GBP 0.5032 0.0001 0.02%
HKD 6.1123 -0.0013 -0.02%
JPY 92.8410 0.0020 0.00%

Commods

Commodity Price Change Time
Gold Index 1201.1 7.690 2014-11-21T00:
Oil Brent 78.6 -0.120 2014-11-21T00:
Oil Nymex 76.5 0.710 2014-11-21T00:
Silver Index 16.4 0.260 2014-11-21T00:

Indices

Symbol Open High Last %
NZX 50 5526.9 5526.9 5526.9 -0.56%
NASDAQ 4751.0 4751.6 4701.9 0.24%
DAX 9521.2 9736.1 9484.0 2.62%
DJI 17721.0 17894.8 17719.0 0.51%
FTSE 6678.9 6773.1 6678.9 1.08%
HKSE 23353.7 23508.0 23349.6 0.37%
NI225 17285.7 17381.6 17300.9 0.33%