Another breach at Spark/Yahoo?

Forums › Spark New Zealand (including Skinny and BigPipe) › Another breach at Spark/Yahoo?

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#178953 20-Aug-2015 14:27

We have had many occurrences of spam messages being sent from Spark customers accounts, have found no malicious software on any of the machines but a flood of hundreds of sent messages in the users address book on the Spark webmail website.

Passwords have been changed but this still appears to be happening - This is also happening when these machines are powered off which is another nail in the coffin for the issue being st Spark/Yahoo's end.

Is anyone else experiencing this?

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1371000 20-Aug-2015 17:29

Are emails in the Sent folder or just bouncing back?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

CYaBro

4708 posts

Uber Geek
+1 received by user: 1182

ID Verified

Trusted

#1371018 20-Aug-2015 17:55

We just had a customer come in yesterday with the same issue.
Spam emails appearing in their Sent Items on the Spark/Yahoo webmail site.
We checked their computer out and no malicious software and they had also changed their password more than once and the emails kept appearing.

We didn't see it happen while we worked on the job and the customer had also gone through and deleted all of the emails so we couldn't check headers or anything like that.

Opinions are my own and not the views of my employer.

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#1371035 20-Aug-2015 18:25

If it is sent via outlook using SMTP, would it go into the sent folder in webmail? If not, then I presume that the only way they could access it is via webmail, or a hole in their email system.

yitz

2239 posts

Uber Geek
+1 received by user: 594

#1371075 20-Aug-2015 19:46

Access should be logged here:
https://api.login.yahoo.com/login/history

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#1371124 20-Aug-2015 20:51

freitasm: Are emails in the Sent folder or just bouncing back?

Yup, Both

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#1371301 21-Aug-2015 08:40

Yep a bunch of browser logins from Egypt and Ukraine starting from early in the morning of 18th.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

MackinNZ

450 posts

Ultimate Geek
+1 received by user: 119

Lifetime subscriber

#1371306 21-Aug-2015 08:50

Is this a business? If so, why are they using Yahoo for e-mail? Use Office 365.

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#1371309 21-Aug-2015 09:00

This has occurred with 3 seperate customers thus far and counting... And they are just customers that we know of...

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1371328 21-Aug-2015 09:32

No relation between those customers? Not just a phishing scam, malware keylogger, etc, etc?

It could be something localised instead of a wide spread hack - just trying to figure out the scale and probability of one versus another.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#1371333 21-Aug-2015 09:41

freitasm: No relation between those customers? Not just a phishing scam, malware keylogger, etc, etc?

It could be something localised instead of a wide spread hack - just trying to figure out the scale and probability of one versus another.

Good thought!

I have had a look through the one customers address book I have access to, no reference to any of the previously affected customers. No connection between them either. Weird.

This activity had stopped since passwords have been changed at Spark.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1371336 21-Aug-2015 09:44

I'm inclined to say your customers were not so strict about sharing passwords/entering passwords.

I have a very old Yahoo! (non Xtra) account and I have SMS 2FA enabled for it - perhaps an option for your customers to increase security, if this is available to Yahoo!Xtra accounts as well?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Dell

Shop now for Dell laptops and other devices (affiliate link).

Inphinity

2780 posts

Uber Geek
+1 received by user: 1184

#1371338 21-Aug-2015 09:50

I have an Xtra mail account, that is about 20 years old, and so far have not been affected by any of the so-called hacks and breaches in terms of people gaining access to the account. Perhaps it's because my password is not Password123 ? ;)