Warning: This story was published more than a year ago.

Spammers hijack Yahoo Xtra email accounts

New Zealanders have come under attack from "savvy spammers" over the weekend, with hundreds of Kiwi email accounts breached in a "suspected phishing issue."

While it is not yet known how the Yahoo Xtra accounts were breached, emails were sent to everyone on the users' contact lists requesting them to click a link.

Yahoo user Telecom says the case is a phishing issue, with the first of the problems starting as earlier as Saturday afternoon.

Over 150 customers had opened the email but the telco company says it is impossible to say how many accounts were affected, as most will have deleted the email.

One customer who was hacked believes the attack serves as a constant reminder of the privacy problems plaguing the internet.

"This shouldn't be happening if I'm honest," says Robert Williams, a Telecom customer.

"I definitely expect more from my service provider and need future guarantees that such breaches won't happen again.

"If these spammers did it once, they can do it again and that is worrying."

When asked why such a thing can happen, Telecom was unsurprisingly quiet on the comment front, releasing only an official company statement.

"Some customers reported experiencing bounced emails and noticed emails were being sent to their contact list after opening suspicious emails," says Jo Jalfon, Telecom spokeswoman.

It appears both Yahoo and Telecom were simply outfoxed by the spammers, with the telco firm struggling to offer a concrete guarantee that they could prevent this from happening again.

"Despite the huge focus Yahoo! puts on email security, spammers are internationally becoming increasingly savvy," Jalfron says.

"Telecom advises its customers to routinely change their password to further reduce the risk of their email account being compromised in any way."

A recorded message from Xtra says the problem is now fixed but that will be little consolation to the customers currently unaware of the breach, begging the question of whether enough was done to alert users in the first place.

"I certainly had no knowledge of any problem," Williams says.

"Xtra do not have the right to keep this information from customers because we need to know if their system has been breached - especially as its our data as risk."

Please revisit the article through out the day as comments from both customers and companies affected will be updated.

Have you been breached? Tell us your thoughts below


comments powered by Disqus