Yahoo finds another 1500 compromised Telecom Xtra accounts

That mysterious error message. Click to zoom.

UPDATE: A curious coda to today's Yahoo Xtra developments. A colleague at NBR got the above right error message about Yahoo Xtra being down for maintenance when he tried to check for new messages on his personal Yahoo Xtra account.

The error message persisted for several minutes. When he tried again this evening, he was able to get in.

I sent a copy of the error message to Telecom. 

A spokeswoman replied: "We believe its a spoof as we sent some test messages which worked and Yahoo would advise us of any work which they have not."

Don't know about that one. If it was sent by a random person I would wonder if it was faked too. But it arrived from a someone I know at work, who's a serious-minded guy just annoyed he couldn't access his email (and the screen grab above is a crop of a larger screen shot).

And "spoofing" in the technical sense (one programme masquerading as another) makes no sense, given the account worked normally a few minutes later.

It sounds like there's probably a more common-or-garden explanation: more poor communication. Perhaps Yahoo failed to let Telecom know a scheduled outage was taking place - not good at a time when Telecom is formally reviewing its email options.

Another 1500 Telecom customers using its Yahoo Xtra email service have potentially "compromised accounts."

Passwords on all 1500 accounts have been summarily cancelled by Telecom. As with previous cancellations, customers are issued with a temporary password then asked to head online, or phone, to reset their account.

Telecom attempted to draw a line under its latest Yahoo Xtra problems on February 22 with a statement headed Telecom Customers no Longer Compromised Following Cyber Attack. It said passwords on all 65,000 affected accounts have been changed (passwords were also cancelled on a number of inactive accounts, taking the total number number of compromised accounts to 87,000).

But in comments after NBR ONLINE stories, and elsewhere, people continued to complain about a heavy number of spam messages from Yahoo Xtra accounts.

Today, Telecom said it has been alerted by Yahoo of 1500 potentially compromised accounts - up from the usually number of around 100 (Telecom has around 450,000 broadband customers in total). 

Accounts can be compromised when a person sends on a malicious link in an email sent by a "phisher", or within an email from a person they know who has already been compromised.

But some, including government-funded NetSafe and the Institute of IT Professionals NZ, are more worried about the separate, direct security breach of Yahoo's mail servers, which happened at the same time as the February 9 phishing attack upsurge. This mail server breach could have lead to address books and email being downloaded for use in a future attack.

On this point, said today "Yahoo continues to assure Telecom that there has been no evidence that email accounts have been accessed for any other reason than to send spam."

Telecom did not immediately respond in detail on the question of whether the 1500 potentially compromised accounts revealed today could be traced back to the February 9 attack.

"It’s pretty clear that we will never see the end of these types of incidents given the global nature of spam and the increasingly sophisticated tactics of spammers and cyber criminals," a spokeswoman told NBR ONLINE.

4 · Got a question about this story? Leave it in Comments & Questions below.

This article is tagged with the following keywords. Find out more about MyNBR Tags

Post Comment

4 Comments & Questions

Commenter icon key: Subscriber Verified

After the possum in headlights initial response, it is at least great to see Telecom dealing with this much more proactively and openly.

  • 0
  • 0

Didn't even see the headlights. Telecom did nothing to tell me my account had been hacked. It took someone from my contact list to ring Telecom and ask them if it had been done. Com' on Telecom, get your act
together :(

  • 0
  • 0

Why doesn't Telecom look after their own mail server?

  • 0
  • 0

I got the same mysterious error last night. I got paranoid and changed my password immediately. It was a relief after a few minutes it went back.

  • 0
  • 0

Post New comment or question

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

NZ Market Snapshot


Sym Price Change
USD 0.6952 0.0000 0.00%
AUD 0.8901 0.0000 0.00%
EUR 0.5907 0.0000 0.00%
GBP 0.5276 0.0000 0.00%
HKD 5.4294 0.0000 0.00%
JPY 78.9230 0.0000 0.00%


Commodity Price Change Time
Gold Index 1278.6 -9.430 2017-10-20T00:
Oil Brent 57.8 0.550 2017-10-20T00:
Oil Nymex 51.9 0.580 2017-10-20T00:
Silver Index 17.0 -0.177 2017-10-20T00:


Symbol Open High Last %
NZX 50 8124.1 8142.3 8124.1 0.07%
NASDAQ 6633.4 6640.0 6605.1 0.36%
DAX 13057.8 13063.6 12990.1 0.01%
DJI 23205.2 23328.8 23163.0 0.71%
FTSE 7523.0 7560.0 7523.0 0.00%
HKSE 28360.0 28519.8 28159.1 1.17%
NI225 21391.0 21489.3 21448.5 0.04%
ASX 5896.1 5924.9 5896.1 0.17%