Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Watch this topic Create new topic
1 | 2 | 3 | 4 | 5
234 posts

Master Geek
+1 received by user: 24

Subscriber

  Reply # 944518 3-Dec-2013 08:44 Send private message quote this post

Spong:
kawaii: What I'd love to know is who was the bright spark that made the decision to go with Yahoo - the same person who thought that all the 'hip young things' would like Bebo phone? honestly, do they really need to have a 'anyone over 40 needs to resign' purge at Telecom? How on God's green earth did it make any sense to go with Yahoo when Google or Microsoft have a better reputation? why didn't they do something about cancelling the arrangement after the first fiasco? how many times must Yahoo keep failing and the executive who made the decision keep holding onto his job before the board finally realises this fiasco is taking a toll on the Telecom brand?


This all seems a bit deja vu as per this article from April this year: http://www.nbr.co.nz/article/telecom-completes-review-sticks-yahooxtra-ck-138192

Surely the time's right now to drop Yahoo??


They were sending emails or looking for permission to send the mail servers to Thailand earlier this year .... our mail is drifting further afield.






nunz

6126 posts

Uber Geek
+1 received by user: 213


  Reply # 944523 3-Dec-2013 08:50 Send private message quote this post

What a mess for them. My one has also been sending spam and been disabled. I'm just going to leave it, as I only use the email address for signing up to e newsletter anyway. Had a huge amount of spam from xtra email addresses today, so looks like it has hit again overnight.

39 posts

Geek
+1 received by user: 17


  Reply # 944524 3-Dec-2013 08:53 Send private message quote this post

Xtra have been telling some customers that the problem is solved. As I've received another little bunch of "hey" spam emails from Xtra accounts this morning, that may not be entirely true.

We all know about the big Yahoo/Xtra hack that happened in February, but Eric Basu at Forbes documents another large Yahoo hack in July of this year. This story suggests that apart from the obvious goal of providing links to the original spam sites, this hack also provides the bad guys with a means of grabbing (and validating) new email addresses to target outside of the Yahoo domain.

Basu says that for targeted Yahoo users, just changing your password isn't enough. He suggests changing your password reset questions/answers, going to “Manage Apps and Website Connections” and killing off all the third party apps that you’ve given permission to access your account over the years, and checking that your ‘backup email’ account hasn’t been modified.  "It might be set to a new one that looks almost like yours, but one character off."

234 posts

Master Geek
+1 received by user: 24

Subscriber

  Reply # 944529 3-Dec-2013 09:07 Send private message quote this post

Can confirm there is a new attack on. Started for us at 1am this morning, originating out of Georgia / Russia. We contacted the ISP and they 'might' do something.







nunz

47 posts

Geek
+1 received by user: 4


  Reply # 944633 3-Dec-2013 11:39 One person supports this post Send private message quote this post



I got a wave of these emails to our business today from a range of our clients compromised accounts so its pretty wide spread.   Seems like xtra has been  hacked in a big way again. 

Funny how the Official spin looks at the start  http://www.stuff.co.nz/national/9463386/Xtra-accounts-locked-after-spam-attack  always playing it down.  "spam issues"  LOL  Thanks we know about the "symptom"

1351 posts

Uber Geek
+1 received by user: 164


  Reply # 944636 3-Dec-2013 11:48 Send private message quote this post

Can someone please tell me -- is it me who has been hacked , and they download my contact list and use that to send me spam seemingly from my contacts --- or, is it my friends who have been hacked and I am being sent spam because I am in my friends contact list?


39 posts

Geek
+1 received by user: 17


  Reply # 944637 3-Dec-2013 11:52 Send private message quote this post

surfisup1000: Can someone please tell me -- is it me who has been hacked , and they download my contact list and use that to send me spam seemingly from my contacts --- or, is it my friends who have been hacked and I am being sent spam because I am in my friends contact list?

Probably both if you're all Xtra clients.

47 posts

Geek
+1 received by user: 4


  Reply # 944658 3-Dec-2013 12:23 Send private message quote this post

surfisup1000

If the email address is  [email protected] and is coming to you, that is not your friend hacked its the whole xtra network by the looks and if your address is @xtra.co.nz   then your address list could have been mailed with spam also. 

29k

6 posts

Wannabe Geek


  Reply # 944668 3-Dec-2013 12:37 Send private message quote this post

I've recieved spam this morning from family, so new attack then?   How does one view where people have been logging in from? I remember a link for that during one of the previous attacks.

263 posts

Ultimate Geek
+1 received by user: 38


  Reply # 944691 3-Dec-2013 13:05 Send private message quote this post

29k: I've recieved spam this morning from family, so new attack then?   How does one view where people have been logging in from? I remember a link for that during one of the previous attacks.


https://api.login.yahoo.com/login/history

6 posts

Wannabe Geek
+1 received by user: 2


  Reply # 944720 3-Dec-2013 13:43 Send private message quote this post

Using the login history on a compromised account I can see it was accessed from California USA at around 7.23am NZ time.

5 posts

Wannabe Geek


  Reply # 944740 3-Dec-2013 14:04 Send private message quote this post

well my friends xtra.co account got hacked on sunday from the Ukraine while i was with him, i managed to change his password, 2 years ago his account was wiped, emails, contacts everything. we called xtra yahoo/telecom but telecom claims they have nothing to do with it as they outsourced and yahoo couldn't do anything as it was synced off the server.

its very poor that telecom doesn't provide users with a safer account service or a secure server for backups, i know people will say use another service, but alot of business users or older people use the email provided expecting service with what they pay for, i tried telling them to use gmail or a service not from the 90s.

today my yahoo.com account was hacked from usa, over 100 mailer failure spammed my phone.i managed to change my accounts related to it and close it.

i was at the citizen advice bureau today as i needed to see the justice of piece and they all got hacked.

my yahoo.com.au account got hacked at the start or the year but the hacker sent me an email of my yahoo id and password, so i obviously changed it.
no matter how hard i try the hacking occurs from yahoos side, every account i had with yahoo has been hacked.

7532 posts

Uber Geek
+1 received by user: 236

Trusted
Subscriber

  Reply # 944747 3-Dec-2013 14:20 Send private message quote this post

Yahoo appears to be riddled with XSS vulnerabilities which allow this to happen again and again.

6126 posts

Uber Geek
+1 received by user: 213


  Reply # 944786 3-Dec-2013 15:10 Send private message quote this post

Telecom Appear to be distancing themselves from the problem by saying it is a yahoo problem, and that some of their customers using xtra email addresses maybe affected. That doesn't really sound like they are owning the problem, nor have they actually said what the problem is. They have subbed out to another company for email so they have to take ownership that it is also their problem, and to fully explain it. When I try to log into my xtra account, it now says that their system has noticed some suspicious activity on my account, and I have been locked out and I need to change the password. It then says that you should regularly update your password and to keep it safe, which implies that it is a customer problem. But I have never had problems with other email providers and my account being hacked before, and I doubt the compromise is at my end. I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

The xtra logs show that mine way hacked from the USA
5:15 AM    Browser     Logged in to Mail     NC, US

39 posts

Geek
+1 received by user: 17


  Reply # 944811 3-Dec-2013 15:28 Send private message quote this post

mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Watch this topic Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Telecom introduces unlimited broadband data plan
Created by freitasm, last reply by kawaii on 25-Apr-2014 04:42 (100 replies)
Pages... 5 6 7


Stonedine
Created by Lizard1977, last reply by mattwnz on 24-Apr-2014 15:45 (67 replies)
Pages... 3 4 5


Auckland Transport Hop card - look out for errors
Created by robjg63, last reply by sbiddle on 24-Apr-2014 20:48 (21 replies)
Pages... 2


Windows 8 System Mechanics
Created by eme, last reply by eme on 24-Apr-2014 21:10 (20 replies)
Pages... 2


Using my Mac to ring family in the UK
Created by Geektastic, last reply by nakedmolerat on 24-Apr-2014 11:28 (19 replies)
Pages... 2


Telecom has started metering their TiVo customers' broadband usage (WITHOUT PRENOTIFICATION)
Created by Peteriv, last reply by mattwnz on 24-Apr-2014 15:11 (74 replies)
Pages... 3 4 5


Forms of government for New Zealand
Created by charsleysa, last reply by gzt on 24-Apr-2014 21:36 (176 replies)
Pages... 10 11 12


Parallel imported product
Created by Wills1, last reply by joker97 on 23-Apr-2014 21:01 (53 replies)
Pages... 2 3 4



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.