"New Zealand companies aren’t immune to the dangers of the internet, and the Yahoo Xtra breach demonstrates this far too well."
That is the view of Unisys Asia Pacific security program director John Kendall, who has warned affected users to act fast or pay the consequences.
The Unisys Security Index found that 66% of Kiwis are extremely or very concerned about other people obtaining or using their credit/debit card details, with the same number also worried about unauthorised access to or misuse of their personal information.
"This is the exact kind of information people love to store in their email accounts, and the information the same cybercriminals that breached Yahoo Xtra are after," Kendall says.
As reported by Techday yesterday, the Yahoo Xtra email attack is worse than first feared, with Telecom canceling around 80,000 passwords in a desperate bid to halt the breach.
"Many people use the same or similar passwords across multiple technologies, bank accounts, email, Facebook – and that’s not a good idea," Kendall warns.
"Using the same password over and over jeopardises you entire digital identity.
"New Zealanders should take the opportunity to learn from our most recent high profile breach and change their passwords now. And refresh those passwords regularly."
Asking customers to be patient, Telecom is currently reacting to swamped call centres and inbound email queries as the problem continues to spiral out of control.
But for Kendall, the real danger is still to come.
"The real danger for people who have had their Yahoo Xtra logon details stolen is not just that unauthorised people may try to access their email account and infiltrate their contacts, it’s that they may try to use the information in their emails to gain access to other systems such as online banking and credit card details," he says.
"Access to the kind of personal information that users keep in their email can prove a virtual gold mine for identity thieves, and those looking to target contacts of users for fraudulent purposes.
"It’s time to change your passwords, and if you haven’t done it yet think of the exercise as a late New Year’s resolution."
Have you changed your email passwords? Tell us your experiences of the cyber attack below