More compromised Yahoo XTRA mail accounts?

Forums › Spark New Zealand (including Skinny and BigPipe) › More compromised Yahoo XTRA mail accounts?

Spong

1005 posts

Uber Geek

Trusted

#115062 12-Mar-2013 15:46

One of my clients with an Xtra email address, that wasn't affected by the recent email account compromise issue at Yahoo, was late last week made aware that her account was suddenly sending out spam emails to those in her Yahoo/Xtra address book. I received one also and it was very similar to those we all received a few weeks back.

This was the first time this has happened to her, and she never received an email from Xtra asking her to change her email password, nor was her password reset previously. Once I became aware, I advised her to change her password which she did over the weekend.

Today, her account has become suspended by Yahoo Services due to "Violation of the Yahoo! terms of Service" .
She hasn't had a chance to speak to XTRA about this yet, but I wonder whether there were more accounts compromised than we were aware of?

Has anyone else become aware of a second wave of these?

Doesn't look like Yahoo/Xtra have heard the last of this....

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

1 | 2

117 posts

Master Geek

#778632 12-Mar-2013 16:07

This here, hope his helps.

Despite Yahoo's efforts to fix 'vulnerabilities', mail users have continued to see their accounts hacked. The company says two isolated security holes have been rectified, but the problems persist.

res of the article below

http://www.neowin.net/news/yahoo-mail-accounts-continue-to-be-hacked-despite-fixes

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

mattwnz

20004 posts

Uber Geek

#778650 12-Mar-2013 16:24

Do people signup to the yahoo terms when they setup a telecom account and email address? I didn't think that telecom customers had a direct contract with yahoo?

It sounds like their individual computer has malware. Quite common these day, they probably clicked on a link in an email.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#778669 12-Mar-2013 16:43

If you are getting the "your account is suspended" then I recommend you ring the helpdesk on 0800 225598 and speak with them. Things have somewhat normalised and we are now back to our BAU process of suspending accounts if we are alerted by Yahoo that they are sending spam.

It does sound like the machine may have been infected with malware or somehow the password for that account was compromised.

You can email me pl at telecom.co.nz with the account address and I can look it up, but it's probably easier & faster to go via the helpdesk and get them to unsuspend the account.

E-Mails do still get delivered when the account is suspended but now we are going back to the BAU process where Yahoo advises us that email addresses have been sending spam and consequently we suspend those accounts.

weetbix43

117 posts

Master Geek

#778676 12-Mar-2013 16:44

As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#778679 12-Mar-2013 16:47

weetbix43: As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

However Telecom manage the full identity lifecycle from creation/suspension & termination. So it is our systems (and believe me as I work on them) that send the provisioning requests to Yahoo to perform all the user lifecycle management operations.

Oblivian

7270 posts

Uber Geek

ID Verified

#780961 13-Mar-2013 10:29

Looking at my intercepted box, I have a tonne over the last 3-4 days from a craig.<name> (which happens to be my first name) @ xtra accounts.

All with pictures and "Tell a friend - Download latest version" contained somewhere within and one of those earn quick dollars scams

One from a yahoo.nl too. So not sure if this is a global push to random@xtra.co.nz again or if its more comprimised issues.

Hell, Even one is from me! (or so it claims to be)

Happy to bundle and forward if you need them to look into Paul

Spong

1005 posts

Uber Geek

Trusted

#780982 13-Mar-2013 10:50

Well my customer's PC wasn't compromised as some have suggested. It was her Yahoo/Xtra account and her account was one of many suspended by Telecom yesterday.

She's back up and running having spoken to the helpdesk. It's very concerning that this problem is continuing, and Yahoo didn't identify the extent of the problem. If ever there was a reason to jump ship, this would have to be it.

However, my experience is that there are lots of doctors, lawyers and other professionals out there (many are my customers) who have had Xtra email addresses for 15 years or longer. Despite being well aware of the advantages of having their own domain email addresses, and the security issues of Yahoo's mail servers, none of them are even slightly interested in changing what they've had for 15+ years. They perceive it as "just too much trouble" considering the thousands of people they deal with. Telecom owe it to their customers to take responsibility for this serious issue, and move their email service to a better vendor.

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

plambrechtsen

1948 posts

Uber Geek
Inactive user

#780984 13-Mar-2013 10:52

Oblivian: Looking at my intercepted box, I have a tonne over the last 3-4 days from a craig.<name> (which happens to be my first name) @ xtra accounts.

All with pictures and "Tell a friend - Download latest version" contained somewhere within and one of those earn quick dollars scams

One from a yahoo.nl too. So not sure if this is a global push to random@xtra.co.nz again or if its more comprimised issues.

Hell, Even one is from me! (or so it claims to be)

Happy to bundle and forward if you need them to look into Paul

If you could forward the emails through to ort at telecom.co.nz and include the full email headers he would be extremely helpful.

It's still being actively investigated.

old3eyes

9110 posts

Uber Geek

Subscriber

#780987 13-Mar-2013 10:56

weetbix43: As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

When I signed up last month with Telecom as an ISP I had the option of signing up for a Xtra email address but declined as I use Outlook.com and Orcon ones..

Regards,

Old3eyes

weetbix43

117 posts

Master Geek

#781064 13-Mar-2013 12:40

old3eyes:
weetbix43: As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

When I signed up last month with Telecom as an ISP I had the option of signing up for a Xtra email address but declined as I use Outlook.com and Orcon ones..

I've been with Telecom for a number of years. I was never given that option perhaps it is different now.

Oblivian

7270 posts

Uber Geek

ID Verified

#781313 13-Mar-2013 21:35

Forwarded as full .eml attachments as requested

Sorry.. keep getting Paul in my head when I see your name.. not the right one ;)

mattwnz

20004 posts

Uber Geek

#781329 13-Mar-2013 21:51

old3eyes:
weetbix43: As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

When I signed up last month with Telecom as an ISP I had the option of signing up for a Xtra email address but declined as I use Outlook.com and Orcon ones..

But isn't the broadband username an xtra email address, so you automatically get one?At least I got one when I signed up last year.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#781353 13-Mar-2013 22:58

mattwnz:
old3eyes:
weetbix43: As a Telecom customer when I signed up with telecom you are given a email address with xtra.co.nz but it's tied to yahoo. When you login with that from telecom website it signs you into Yahoo.

When I signed up last month with Telecom as an ISP I had the option of signing up for a Xtra email address but declined as I use Outlook.com and Orcon ones..

But isn't the broadband username an xtra email address, so you automatically get one?At least I got one when I signed up last year.

Haven't needed a username & password to login to broadband for the last few years as you're authenticated via the physical connection you're coming in via. So normally you shouldn't need anything other than "user@xtrabb.co.nz" and "password" for the password which is the default in all modems shipped by Telecom these days.

bender84

78 posts

Master Geek

#784725 20-Mar-2013 21:47

FWIW, discovered the infrequently used Yahoo Xtra account that I hadn't logged in to for well over a year was goneburger / suspended as well. Only noticed it when trying to find some old photos on flickr and found that the accompanying Flickr pro account was gone. Telecom are sorting it out, but it seems from where I sit, this security breach was pretty extreme and my account may have been compromised quite some time ago?

Needless to say, I'm not motivated to start using any of yahoo services again anytime soon... An effectively dormant / unused account being compromised? Perhaps with the complexity of today's systems, I guess I shouldn't be surprised may be. Very disappointing none the less.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#784838 21-Mar-2013 10:31

bender84: FWIW, discovered the infrequently used Yahoo Xtra account that I hadn't logged in to for well over a year was goneburger / suspended as well. Only noticed it when trying to find some old photos on flickr and found that the accompanying Flickr pro account was gone. Telecom are sorting it out, but it seems from where I sit, this security breach was pretty extreme and my account may have been compromised quite some time ago?

Needless to say, I'm not motivated to start using any of yahoo services again anytime soon... An effectively dormant / unused account being compromised? Perhaps with the complexity of today's systems, I guess I shouldn't be surprised may be. Very disappointing none the less.

If you could email me details on the account that you hadn't used, pl at telecom.co.nz with as much detail as you can. Would be helpful to know.

1 | 2