Telecom: new Yahoo Xtra problems 'extremely disappointing'

Telecom has sharpened it language about the latest problems with its Xtra email service, hosted by Yahoo in Sydney.

 "It is extremely disappointing to us that this incident seems to have recurred and we are in active discussions with Yahoo to gain a better understanding of the cause of this latest incident," the company says in its latest statement to NBR sent last night.

"Telecom is implementing tonight a new, simpler, process to protect customers whose accounts appear to have been compromised in a new malicious email incident over the past 24 hours or so. A compromised account means that the customer’s email account is potentially being misused to send suspicious emails.

"The new process, which was committed to in our email review announcement last Friday, means that affected customers who usually log onto their Yahoo! Xtra email via webmail will tonight be automatically directed to a web page that steps them through how to change their password and make any necessary changes to their account settings.

"All affected customers, including those who access their Yahoo Xtra email via other methods, such as Outlook mail or other email applications, will receive an email tonight, advising them to change their password immediately. The email will direct them to the Telecom website.

"We began urgent investigations with our email provider Yahoo! to identify the source of this latest issue.  This included submitting examples of these suspicious emails for Yahoo! to analyse and attempt to trace the source. Based on this analysis, Yahoo! implemented some additional security protocols."

Telecom yesterday morning said somewhere between 100 and around 1000 people were affected by phishing attacks - around the usual level given 400,000 or so of its customers use Xtra.

Its evening statement hints the situation could be more serious. This morning, the company told NBR it had no update on numbers affected.

UPDATE / Apirl 10, 9.45am: Telecom says between 100 and and "1000 or so" customers are affected by fresh problems with its Xtra email service, hosted by Yahoo in Sydney - and that that number is within its normal range for daily problems with phishing attacks.

"We began urgent investigations with our email provider Yahoo to identify the source of this latest issue," the company says in its latest statement to NBR Online.

"This included submitting examples of these suspicious emails for Yahoo! to analyse and attempt to trace the source. Based on this analysis, Yahoo implemented some additional security protocols, which it has in place for incidents such as this. 

"Yahoo has also provided us with a preliminary assessment of the number of ‘compromised’ accounts – these are customer accounts which have been misused to send suspicious emails. On any normal day, the number of compromised accounts can range from under a hundred to 1000 or so.  In this incident, the number appears to be at the higher end of this normal range"

EARLIER: Telecom is having more problems with its Xtra email service, hosted by Yahoo's Sydney operation.

Late yesterday, a number of readers told NBR Online they had received emails with "phishing links" (links to malicious websites) from people they knew - indicating the person's email account had been hacked, either by another security breach of Yahoo's mail servers, or the person clicking on a phishing link themselves.

NBR has also received phishing emails from people with Xtra addresses. On tech site Geekzone, a new message thread sprung up on the topic yesterday (the site's Maurico Freitas has also posted a screen grab of an infected inbox as it gets swamped with bounce-back messages within minutes).

"Yes we are aware of an issue with customers receiving suspicious looking emails through their Yahoo Xtra email account," a spokeswoman told NBR last night.

"At this point we’re not sure of the extent of the problem - the incidents we’re aware of number in the ‘tens’ to date -and so we are working with Yahoo! to investigate," she said.

"We’re advising customers who have received mail that they believe is spam, even from a known contact, to delete immediately and never to click on suspicious links contained within emails. We’re also advising customers who’ve been affected to change their password."

Telecom has also posted a service warning on its website, which includes a link to its password change page.

The company will update further today.

The sheer volume of its customers (around 400,000 of 450,000 use Yahoo Xtra) means there is always a low level of phishing problems.

Some critics will recall the February security problems with Yahoo Xtra, which were first reported as limited, but were gradually be revealed to be huge in scope, affecting around 75,000 customers.

On April 5, Telecom announced the results of a review into its email provision. The company decided to stick with Yahoo, but pledged to do a better job informing customers. It also said passwords would be easier to change, and that Xtra would be moved away from its bespoke infrastructure onto standard Yahoo mail servers.