My window to the world

Telecom New Zealand decides to stick with Yahoo! email service, Yahoo! compromised again?

By Mauricio Freitas, in , posted: 10-Apr-2013 07:46

A few weeks ago there was a massive breach of security in the Yahoo! email service behind the Telecom @xtra.co.nz addresses. according to information supplied by Yahoo! in a press release up to 20% of 400,000 active email accounts had been compromised.

Telecom employees worked hard day and night to manage the situation. Most of the action needed from consumers of this service involved password reset. This caused lots of trouble to people who weren’t able to access their accounts from email clients or third party services.

After the event a review was launched by Telecom New Zealand: ““We share the frustration that our customers have been experiencing over recent months. We fully appreciate that repeatedly saying ‘sorry’ doesn’t cut it anymore. We are committed to taking a close, hard look at the best way to meet our customers’ email needs.”

Almost a month after Telecom announced they decided to stick with Yahoo! as the email provider for its consumer ISP service: “Telecom New Zealand announced today that it will continue to offer its Yahoo! Xtra email service with Yahoo as its email provider, after receiving strong feedback from customers around the high value they place on it and obtaining a commitment from Yahoo! that it would work with Telecom to improve the customer experience of the service.”

It took Yahoo! a week to acknowledge something was wrong:

Yahoo! is continuing to work with Telecom to ensure Yahoo! Xtra mail accounts that were compromised last weekend have been secured and its in-depth investigation into the circumstances surrounding this issue is on-going.

“There is a lot of misinformation around what may have caused this vulnerability in the Yahoo! email product and the type of information that may have been compromised. There is currently no evidence to support reports that access has been gained to any user information beyond the customer's email address book or that this issue is related to any issues overseas, although we continue to investigate this,” say Laura Maxwell-Hansen, GM Yahoo! New Zealand. 

A “lot of misinformation” said Yahoo! so I asked the PR person if they could clarify exactly what happened, so that we could post the correct information and the reply was “It’s not appropriate to disclose that information as these details could be misused and may assist a hacker in the future.”

Either they were not sure what cause the problem in first place or there was no fix being released soon. Otherwise how could disclosing it “assist a hacker in the future”? Obviously we don’t know for sure because of all this security by obscurity.

Guess what? Almost three weeks after the events, and just a week after Telecom’s decision to stick with Yahoo! as its email provider it seems the @xtra.co.nz email service has been compromised again. This is from their network status page:

UPDATE: Here is what the Inbox folder of a compromised mailbox looks like when the account sends spam out and starts receiving bounces from servers reporting invalid addresses… Just look at the frequency of spam being sent:

(Imnage courtesy of Geekzone user possum888)

Other related posts:
Microsoft Ignite New Zealand, Microsoft Surface Studio
Geekzone data analytics with Power BI
Now with more fibre






comments powered by Disqus

freitasm's profile

Mauricio Freitas
Wellington
New Zealand


I live in New Zealand and my interests include mobile devices, good books, movies and food of course! 

I'm the Geekzone admin. On Geekzone we publish news, reviews and articles on technology topics. The site also has some busy forums. Also worth visiting is TravelTalk NZ, a community for travelers!

Subscribe now to my blog RSS feed or the Geekzone RSS feed.

If you want to contact me, please use this page or email me freitasm@geekzone.co.nz. Note this email is not for technical support. I don't give technical support. You can use our Geekzone Forums for community discussions on technical issues.

Here's is my full disclosure post.

A couple of blog posts you should read:


Social networks presence

View Mauricio Freitas's profile on LinkedIn


My Blog by tags...

Blog...
Entrepreneurship...
Media...
Personal...
State of Browsers...
Technology...
Viral Marketing...
Web Performance Optimization...
Windows...
Windows Phone...

Other recent posts in my blog

Google crawling Geekzone HTTPS...
Geekzone gone full HTTPS...
Microsoft Ignite New Zealand, ...
If the headlines indicate the ...
Geekzone data analytics with P...
State of browsers Geekzone Mar...
2Cheap Cars discussion...
Now with more fibre...
Unlimited is not unlimited: Vo...
How bad is Vodafone cable at t...

New posts on Geekzone