Another big Yahoo data breach, Spark not sure if Xtra Mail users affected
Yahoo has admitted to another big data breach, this time involving the theft of logon details for one billion accounts in 2013.
The US-based company says law enforcement authorities presented it with data in November this year that led to the discovery.
Yahoo hosts Spark’s Xtra Mail. A spokeswoman for Spark tells NBR, “Spark is working closely with Yahoo to understand if any New Zealand Xtra customers are impacted. Spark was notified this morning and is waiting for more information. The historic data stolen is believed to be username and password combinations, so customers who have changed their password since August 2013 are not likely to be vulnerable. Secret questions and answers for New Zealand customers are not stored by Yahoo.”
If you’re an Xtra user who hasn’t changed their password since 2013, head to www.spark.co.nz/changepassword.
History of violations
After nine years of security breaches and spam, Spark finally decided to dump Yahoo in September.
Xtra is being moved to a local provider – SMX, part owned by NBR Rich lister Sam Morgan – but the transition won’t happen until January. All of those who have registered so far (via spark.co.zn/email) have been forced to change their password, the company says.
The September decision coincided with Yahoo fessing up to a historic data breach in 2014 that put 138,000 Xtra accounts at risk (all up, there are around 825,000 Xtra accounts).
Yahoo was sold to Verizon in July for a firesale price, but US media reports suggest the telco is now trying to use Yahoo’s security problems as an excuse to back out of the deal