Has Xtra email been breached again?

Forums › Spark New Zealand (including Skinny and BigPipe) › Has Xtra email been breached again?

1 | 2 | 3 | 4 | 5 | 6 | 7

637 posts

Ultimate Geek
+1 received by user: 12
Inactive user

#795870 9-Apr-2013 22:01

they have yahoo servers all over the world.. like singapore australia united arab UK india etc

thats why if you ping pop3.xtra.co.nz it will show an address in australia

mattwnz

20520 posts

Uber Geek
+1 received by user: 4797

#795871 9-Apr-2013 22:05

They do, but if it was a vulnerability with the Xtra email account, wouldn't it be coming from the Australian servers, and not US ones? Or maybe webmail sends it via a different server location, from smtp.

kiwigeek1

637 posts

Ultimate Geek
+1 received by user: 12
Inactive user

#795877 9-Apr-2013 22:18

i think you can access it from anywhere in world (wouldnt you have redundacy so if aus servers went down they can fall back to singapore or somewhere) and Im sure they prefer you using a local or closest servers to access.. via xtramail.co.nz.. imap doesnt resolve to a nz server addy its seems to be usa as well if ping imap.mail.yahoo.com I dont know if theres a nz translator address like pop3,xtra.co.nz for it?

lxsw20

3689 posts

Uber Geek
+1 received by user: 2175

Subscriber

#795899 9-Apr-2013 22:59

Hmmm looking a lot like last time. I have mail from *@xtra.co.nz on the work mailmarshal box set to halt until I can sort through it to keep spam to end users down.

aw

296 posts

Ultimate Geek
+1 received by user: 30

#795929 10-Apr-2013 07:24

Got some overnight too, once again with the message containing the full name of the (apparent) senders who are known to me and relaying via several servers in *.tnz.mail.aue.yahoo.com (assuming "TNZ" is Telecom New Zealand). Sample forwarded on.

possum888

24 posts

Geek
+1 received by user: 4

ID Verified

#795933 10-Apr-2013 07:46

Our Telecom account was sending out a lot of spam last night to everyone in our contacts. A lot of them failed to reach the sender, but the messages seem to only be a link to a domain that was taken down, my name, and a couple of random characters at the end of the email.

Changing our password seemed to fix it. Heres what our inbox looked last night, most of them were Recipient rejected errors.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41067

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#795960 10-Apr-2013 08:27

From the Telecom status page:

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Lockedbag

7 posts

Wannabe Geek
+1 received by user: 4

#795964 10-Apr-2013 08:30

Yesterday at 4:40 pm. My xtra account sent over 30 emails to groups of three recipients with no header and just a link and my full name as the signature. I took the approach that I should change my password. Did that last night and using my xtra account sent apology emails to all. It's morning of the day after and I have no access to my xtra account. The password has been changed! Hope that's xtra doing that?

Have to get onto them when I get to work.

Strange thing . Since xtra reset my password without telling me after the last breach widely reported, I have changed my password twice. Doesn't seem to have helped.

Is it a coincidence that the day xtra confirm they are staying with yahoo that this breach, or spam problem as the telecom website is calling it, my account has been hacked!

plambrechtsen

1948 posts

Uber Geek
+1 received by user: 459
Inactive user

#795967 10-Apr-2013 08:42

For those that have had their accounts used for spamming. If you could login to the Yahoo Login History page:

https://api.login.yahoo.com/login/history

And then email me the results of that (changing the dropdown from location to IP address) I would be interested to know. Again to "pl at telecom.co.nz".

Plus any recent spam sent or received from the xtra or yahoo.co.nz domains would be appreciated. And as always mail headers are essential :)

We are continuing to work with our partner Yahoo on this......

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41067

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#795970 10-Apr-2013 08:51

Good luck Peter. You folks do a great work.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

ubergeeknz

3344 posts

Uber Geek
+1 received by user: 1041

Trusted

Vocus

#795982 10-Apr-2013 09:11

I'd like to add it's not just Yahoo! Xtra accounts which have been comped; I got an email from a friend who has a yahoo.co.nz email too (and so have several others) Also from several xtra.co.nz accounts.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

Damager

2125 posts

Uber Geek
+1 received by user: 37

#795984 10-Apr-2013 09:19

Got spam also from a friend on xtra.. Thing is, just talking to her now.. She closed that Xtra account 3 years ago.. Why are these accounts still open?

- Telstra HTC Touch Pro2 - Energy ROM WM6.5.5 20 Oct/Cyanogen Mod Froyo 2.2 - R.I.P
- AT&T Galaxy S Captivate 16GB on XT (now with brother)
- Samsung Galaxy S2 on XT- Runs ICS 4.0.3 Resurrection Remix 9.2
- Business Hours - Work In The Electricity Industry, After Hours - DJ/Turntablist - Will Scratch Vinyl For Free'
- What's next??? S3?

plambrechtsen

1948 posts

Uber Geek
+1 received by user: 459
Inactive user

#795993 10-Apr-2013 09:34

Many thanks to Michael who just sent me the login page info...

If we can have some further people doing this we can correlate similar customers impacted.

And again, I am not a mind reader so if particular folks are having issues please email me (especially if you have an account which should be suspended but isn't and that sort of thing). Send me an email and I can help.

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41067

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#796993 10-Apr-2013 10:00

Here's the official statement issued:

Late Tuesday afternoon Telecom had reports that some Yahoo! Xtra customers were receiving suspicious looking emails. These emails appeared to be from one of their contacts, but contained an embedded link to a potentially malicious website.

We began urgent investigations with our email provider Yahoo! to identify the source of this latest issue. This included submitting examples of these suspicious emails for Yahoo! to analyse and attempt to trace the source. Based on this analysis, Yahoo! implemented some additional security protocols, which it has in place for incidents such as this.

Yahoo! has also provided us with a preliminary assessment of the number of ‘compromised’ accounts – these are customer accounts which have been misused to send suspicious emails. On any normal day, the number of compromised accounts can range from under a hundred to 1000 or so. In this incident, the number appears to be at the higher end of this normal range.

As per Telecom and Yahoo’s established policy, we will require those customers whose accounts we believe have been compromised to change their password. This is recognised as the best way to re-secure their account. Guidance on how to change your password is on our website and can be found here www.telecom.co.nz/changepassword. As we announced last Friday in our review of the Yahoo! Xtra service, we are also urgently working to implement a much simpler process for alerting customers whose accounts have been compromised and helping them re-secure their accounts. This will automatically direct customers to a web page that steps them through how to change their password and make any necessary changes to their account settings. We hope to have this new system in place later today.

It is important for customers to realise that simply receiving a suspicious email does not indicate that their account has been compromised. We’re advising customers who have received mail that they believe is spam, even from a known contact, to delete immediately and never to click on suspicious links contained within emails.

As we announced last Friday, Telecom is continuing to offer its Yahoo! Xtra email service with Yahoo! as our email provider, after receiving strong feedback from customers around the high value they place on the service, and obtaining a commitment from Yahoo! to work with Telecom to improve the customer experience and respond to security issues. In the last 24 hours we have seen this new commitment in action as both Telecom and Yahoo! have worked quickly to contain this latest incident.

All email providers are engaged in a continuous battle against online crime and spam. Yahoo! as one of the biggest global providers of email is at the front line of this battle – blocking more than 600 billion spam messages a month.

In an unrelated matter, some customers with Apple devices have had problems syncing their Yahoo! Xtra accounts. We believe this issue has now been resolved, but customers may need to restart their devices before syncing will occur.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

networkn

Networkn
32871 posts

Uber Geek
+1 received by user: 15466

ID Verified

Trusted

Lifetime subscriber

#796995 10-Apr-2013 10:03

I'd love to see some of the "strong" feedback they got supporting continuing with Yahoo. Not one person I have spoken to or seen believes continuing with Yahoo is the right decision to make, certainly not "strongly"

1 | 2 | 3 | 4 | 5 | 6 | 7