Telecom rush to fix Yahoo Xtra spam hack
Monday 11 Feb 2013 4:32 p.m.
Telecom has admitted that its Yahoo Xtra service has been hacked by overseas criminals.
Emails containing spam have been sent to hundreds, maybe thousands of Yahoo Xtra users, asking them for personal details, including credit card numbers.
NetSafe says this is the biggest attack of its kind to happen in New Zealand.
Users from all over the country are receiving spam and unknowingly sending these emails as well, spreading the attacks.
One user even received an email from a friend who died two years ago.
It's an attack on a massive scale, with potential to affect all 450,000 Yahoo Xtra users and many more.
And this afternoon Telecom confirmed the worst – the network was indeed hacked. Overseas hackers were able to get into the network on Saturday, getting holding of users' email addresses and sending them spam in the form of an internet link.
“Essentially a spammer has got into Yahoo and been distributing a phishing email across a number of contacts in that customer base, and then that is distributing itself through the contact emails of people,” says Telecom retail chief executive Chris Quin.
What's most worrying is that recipients don't need to click on the link. Just getting the email gives hackers access to the recipient’s contacts, which means spam can then be sent to them as well, regardless of which email provider they're with.
“If people have received an email and clicked on a link, their computer could be infected with malware, depending on the security of their machine when they clicked on that link,” says NetSafe executive director Martin Crocker.
Last month, a security expert raised the alarm in Australia, telling Yahoo there its servers were vulnerable.
“They were supposed to have fixed it back then,” says Paul Brislen of the Telecommunications Users Association. “They assured everyone they fixed it in early January. Here we are halfway through February and it’s happening again. They’re running the service. There's no one to point the finger at but them.”
One software engineer says it's cause for concern when a major provider like Xtra has problems this big.
“When that security's breached, when they cannot provide a solid, strong response about what's happened, we really should be a little bit worried,” says Logan Douglas.
Telecom says attacks on the Yahoo network servers have been dealt with, but the emails are still circulating.