Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12236

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 204259 23-Sep-2016 17:17
One person supports this post
Send private message

Just received


Important security information for Xtra e-mail customers

Yahoo announced earlier today that a copy of some of its user account information was stolen from the company’s global network back in November 2014. They have confirmed that the information from some of Spark’s Xtra customers is included in the stolen data. We are working closely with Yahoo to identify any customers who may be affected.

Yahoo has no evidence that the stolen bcrypt-protected passwords or security questions and answers were used to gain unauthorized access to Spark accounts.

Yahoo has confirmed that the stolen account information may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

Their investigation suggests that information did not include unprotected passwords.

 

Spark will be communicating directly with customers who we believe may have been impacted as soon as we have more information. We would like to remind all customers to change their password and security questions for their Xtra account and any other account on which you used the same or similar information.

To maintain a secure online profile, Spark advises all Xtra users to regularly update account settings with a strong, difficult-to-predict password. All Xtra customers who have not changed their password or security questions since 2014, or are unsure if they have, should do so now on the Spark website using this link: www.spark.co.nz/changepassword.

As previously announced, we are currently in the process of preparing to move all of our email system back home to New Zealand. A number of our customers have already received a request to register on the Spark website. We thank those customers who have already registered and encourage those who have not registered, to do so.

If you’ve already registered to have your email moved to SMX, you don’t need to do that again – any changes you make to your password will be applied to the new system.





View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2


BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12236

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1640839 26-Sep-2016 17:41
Send private message

Some more information:

 

 

Yahoo announced late last week that a copy of some of its user account information was stolen from the company’s global network back in November 2014. Yahoo has since confirmed that information from some of Spark’s Xtra customers is included in the stolen data. 

 

Spark was notified on Friday and staff have been analysing the data provided by Yahoo to identify the Spark customers who Yahoo believe may be affected.

 

We take this matter very seriously and will be progressively communicating directly with these customers who may have been impacted, from today, and over the course of the next 48 hours. The number of email addresses potentially at risk is 130,000, which is around 15% of the total Xtra email address base.

 

Spark will be asking these customers to immediately change their passwords (if they haven’t already.)

 

Yahoo has told Spark it has no evidence that the stolen information has been used to gain unauthorised access to Spark accounts.   

 

To maintain a secure online profile, Spark advises all Xtra users to regularly update account settings with a strong, difficult-to-predict password. All Xtra customers who have not changed their password since 2014, or are unsure if they have, should do so now on the Spark website using this link: www.spark.co.nz/changepassword

 

As previously announced, we are currently in the process of preparing to move all of our email systems back home to New Zealand. If customers have already registered to have their email moved to SMX, they don’t need to do that again.  Similarly if customers have changed their password as part of the SMX registration process they won’t need to do it again.

 





14416 posts

Uber Geek
+1 received by user: 1886


  Reply # 1640854 26-Sep-2016 18:06
Send private message

How does changing passwords fix the problem over the hacked security questions that may have been used on other services. Eg First pets name etc.  If hackers have that info, they potentially could get access to other services with other providers, what is being done about that?




BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12236

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1640858 26-Sep-2016 18:12
Send private message

Not sure, but when I logged into my Yahoo account (not Xtra), their page now asks to remove those questions. Note I already had SMS authentication enabled on that account.





1920 posts

Uber Geek
+1 received by user: 377

Subscriber

  Reply # 1640930 26-Sep-2016 20:58
Send private message

Mind blowing that it takes almost two years to produce this info. 


1759 posts

Uber Geek
+1 received by user: 895


  Reply # 1640949 26-Sep-2016 21:57
Send private message

Hasn't this happened before with Xtra email accounts????


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1640987 26-Sep-2016 22:26
Send private message

Pumpedd:

 

Hasn't this happened before with Xtra email accounts????

 

 

In 2012/13 I seem to remember.


5 posts

Wannabe Geek


  Reply # 1641003 26-Sep-2016 23:14
Send private message

I've received an email from Spark tonight advising me to reset my password due to the data breach.

 

 

 

Ironically the embedded URL includes the email address of another customer and their Spark account number is listed at the top of my email...I have no idea who they are.


1642 posts

Uber Geek
+1 received by user: 419


  Reply # 1641009 26-Sep-2016 23:43
Send private message

You should notify them that you have received someone else's information in error and ask for confirmation that you should delete it.

14416 posts

Uber Geek
+1 received by user: 1886


  Reply # 1641015 27-Sep-2016 00:16
Send private message

 

 

Looks like the privacy commissioner is looking into this whole thing too.

 

http://www.stuff.co.nz/business/84669701/privacy-commissioner-john-edwards-weighs-in-on-yahoo-hack 


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1641041 27-Sep-2016 08:16
Send private message

bmw151:

 

Ironically the embedded URL includes the email address of another customer and their Spark account number is listed at the top of my email...I have no idea who they are.

 

 

 

 

Well that's a classic, I guess someone out there now has your details embedded in an email they got.

 

ISP's should drop the personal email thing, it's so 90's. There are tons of free email providers now such as Gmail, Outlook, Yandex and Tutanota but to name a few.


27158 posts

Uber Geek
+1 received by user: 6588

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1641064 27-Sep-2016 09:13
Send private message

cynnicallemon:

 

bmw151:

 

Ironically the embedded URL includes the email address of another customer and their Spark account number is listed at the top of my email...I have no idea who they are.

 

 

 

 

Well that's a classic, I guess someone out there now has your details embedded in an email they got.

 

ISP's should drop the personal email thing, it's so 90's. There are tons of free email providers now such as Gmail, Outlook, Yandex and Tutanota but to name a few.

 

 

Most newer providers don't provide email services. The problem is legacy providers have to continue the service.

 

Moving email services can cause a world of pain, so it does become a form of lock-in if you're going to charge a lot per month (like Spark do) to keep email if you change providers.

 

 


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1641068 27-Sep-2016 09:29
Send private message

sbiddle:

 

 

 

Most newer providers don't provide email services. The problem is legacy providers have to continue the service.

 

 

 

 

Is there any reason why they have to continue a "free" service, other than a potential loss of a customer?

 

 




BDFL - Memuneh
61515 posts

Uber Geek
+1 received by user: 12236

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1641070 27-Sep-2016 09:31
Send private message
5 posts

Wannabe Geek


  Reply # 1641077 27-Sep-2016 09:38
Send private message

My main account came through with the right details but I got two emails with the other customer's details on my sub account. The way these batch emails are processed it is likely affecting many others.

1762 posts

Uber Geek
+1 received by user: 397

Trusted
Subscriber

  Reply # 1641082 27-Sep-2016 09:49
Send private message

cynnicallemon:

 

sbiddle:

 

 

 

Most newer providers don't provide email services. The problem is legacy providers have to continue the service.

 

 

 

 

Is there any reason why they have to continue a "free" service, other than a potential loss of a customer?

 

 

 

 

No, but there is fallout that will come from taking something away that used to be free. Remember, the GZ community feels passionate about these products and can pontificate on end about the merits of each type, but for many folks they really don't give a flying, as it's just a small part of their life.

 

Many small business people have spent $$$ putting contact details on their vans, cars, websites and so on. It may be just a business cost, but its money being diverted that could otherwise have been spent elsewhere - and it can be a real mish getting stuff changed?

 

Sound like I'm overegging? I invite anyone to close a product and manage the process of taking something away from businesses, and have to deal with the issues it creates. It's the best crucible in the world for learning empathy and the real of world of managing :-)





________

 

Antonios K

 

 

 

Click to see full size


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.