Story image

Hacked off? Telecom says RELAX

10 Apr 2013

Telecom has projected a sense of calm following the latest Yahoo Xtra email security breach, instructing users how to combat the problem.

The telco insists the problem is under control in an attempt to downplay the incident.

Late Tuesday afternoon Telecom received reports that some Yahoo Xtra customers were receiving suspicious looking emails.

These emails appeared to be from one of their contacts, but contained an embedded link to a potentially malicious website.

"We began urgent investigations with our email provider Yahoo to identify the source of this latest issue," says Lucy Jackson, spokeswoman, Telecom.

"This included submitting examples of these suspicious emails for Yahoo to analyse and attempt to trace the source.

"Based on this analysis, Yahoo implemented some additional security protocols, which it has in place for incidents such as this."

Jackson says Yahoo has also provided a preliminary assessment of the number of ‘compromised’ accounts.

On any normal day, the number of compromised accounts can range from under a hundred to 1000 or so but in this incident, the number appears to be at the higher end of this normal range.

What customers should do:

As per Telecom and Yahoo’s established policy, the telco will require those customers whose accounts have been compromised to change their password.

"This is recognised as the best way to re-secure their account," Jackson says.

Guidance on how to change your password is Telecom's website and can be found here at www.telecom.co.nz/changepassword.

"As we announced last Friday in our review of the Yahoo Xtra service, we are also urgently working to implement a much simpler process for alerting customers whose accounts have been compromised and helping them re-secure their accounts," Jackson says.

"This will automatically direct customers to a web page that steps them through how to change their password and make any necessary changes to their account settings.

"We hope to have this new system in place later today.

Jackson did stress however that it is important for customers to realise that simply receiving a suspicious email does not indicate that their account has been compromised.

"We’re advising customers who have received mail that they believe is spam, even from a known contact, to delete immediately and never to click on suspicious links contained within emails," she says.

Yahoo response:

Following a renewed effort from Telecom to offer the Yahoo email service, Jackson says the company is happy with the email providers response since the attack.

"In the last 24 hours we have seen this new commitment in action as both Telecom and Yahoo have worked quickly to contain this latest incident," she says.

"Yahoo handles many billions of emails each day and can’t possibly monitor every single one.

"Frankly nor would our Xtra customers want them to do so.

"From Telecom’s perspective, we believe that Yahoo's response to this matter has been timely and appropriate.

"Within the space of a two hour period yesterday we became aware of this issue in a variety of ways – customer feedback to our call centres and via media/social media, and Yahoo alerting us themselves."

Have you been hacked? Are you unsure? Tell us your thoughts below