Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Communications Spam Yahoo! Technology

Widespread Compromise Of Yahoo-Backed Email In New Zealand 47

First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."
This discussion has been archived. No new comments can be posted.

Widespread Compromise Of Yahoo-Backed Email In New Zealand

Comments Filter:
  • by Anonymous Coward
    I have a bellsouth.net dsl account email address and I have seen spam originating from my own account sent to all addresses in my contact list. Something majorly borked at yahoo.
    • I have been getting a *ton* of spam emails the past couple of days from some of the following domains which appear to be handled through Yahoo...
      • .
      • bellsouth.net
      • swbell.net
      • att.net
      • snet.net
      • sbcglobal.net
      • ameritech.net

      It's basically a random message with a URL attached... many of them .ru domains. They're being sent to the .mac account that I've had since whenever it was .mac was originally started. There were a one or two initially starting back around Wednesday and it's become about 10 a day the past couple

    • Comment removed based on user account deletion
  • remember! (Score:5, Funny)

    by Anonymous Coward on Sunday February 10, 2013 @09:47PM (#42855095)

    Remember, the original concept of the internet as a peer to peer network was a bad idea. Centralizing to just a handful of services is a good idea, and we should all use the cloud for everything, because that has no drawbacks.

    • I see what you did there. I don't have mod points here though.
    • Of course, decentralization has its own drawbacks. Remember when SMTP servers would happily forward mail on behalf of any connecting client?
  • by Smurf ( 7981 ) on Sunday February 10, 2013 @09:50PM (#42855109)

    I wonder if it's a coincidence that in the last three or four days I started to receive a lot more spam to my Yahoo mail address. By "a lot more" I mean three or four times more than what I was receiving a week ago each day.

    I don't have any relation with anyone in New Zealand, so my guess is that it's indeed just a coincidence. But still the timing makes me wonder.

    • by viperidaenz ( 2515578 ) on Sunday February 10, 2013 @09:52PM (#42855127)

      or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

      • or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

        Two of my friends on Facebook were talking about spam originating from their Yahoo! accounts yesterday and I received a spam from a third (or, I should say one made it through my spam filter). None of them have any ties to New Zealand, as far as I know.

        • Once in the yahoo proverbial back door, I wouldn't be surprised if they got more. I don't know what yahoo's architecture is like though.
        • by hawguy ( 1600213 )

          or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

          Two of my friends on Facebook were talking about spam originating from their Yahoo! accounts yesterday and I received a spam from a third (or, I should say one made it through my spam filter). None of them have any ties to New Zealand, as far as I know.

          My Yahoo account was hacked a month or so ago - I had a 12 character password including mixed case (in non-obvious places), digits and a special symbol, so i don't think the password was brute forced... I think they have a bigger problem than they have admitted.

      • Not just xtra.co.nz, but also yahoo.com, yahoo.com.au even ymail.com
      • Yeah, something like that. This was going on months ago with pacbell.net/sbcglobal.net/att.net/yahoo.com addresses, a little before that with yahoo.de addresses and has been recurring as the spammers discover another XSS exploit in Yahoo's amazing web pile. "The Yahoo XSS exploit" really understates the case. I think Yahoo fixes them, but they've got a lot of code to churn through and I doubt anyone really knows what all is in there.

        The one I looked at was an e-mail with one-line body urging me to check
      • I think it's much more likely that this problem exists for more than just New Zealand's yahoo servers. A couple years back I deleted my rarely-used Yahoo account because I got a hacked email sent to my common email address from it (as did others in my address book). I hadn't been logged in for quite some time, and I had a very secure password. Whatever the security flaw was, I really don't think it was at the user end (I consider myself to be pretty adept at computer security), and I didn't want any part o
  • by Anonymous Coward

    Telecom NZ phased out the xtra branding many years ago...it only lives in email addresses....hence why it's referred to in this story I guess :)

    • Heh, I think it could probably be said they unsuccessfully phased it out years ago. Most people around here when you say Telecom Broadband would say "oh you mean xtra" :-)
  • A Yahoo customer is reported by TFA saying

    The spam from my own address must be generated on the telecom/yahoo server as there is no other way it can happen

    It is shockingly easy to spoof sender e-mail address. I do not expect any Yahoo user to know it, but the journalist that quoted this person should know that, and mitigate this claim of Yahoo server breach

    • by Bitsy Boffin ( 110334 ) on Sunday February 10, 2013 @09:59PM (#42855179) Homepage
      The headers of all these SPAM messages indicate traversal from the Yahoo SMTP servers, and the SPAM were targetted specifically at people in the victim's address book. It wasn't a simple Joe Job.
      • Sure, but the customer quoted in the article just talks about sender e-mail address.
        • I have personally seen too many SPAM emails that were sent using compromised Yahoo accounts, and yes -- they really were handled by Yahoo's servers (and, no, I don't have a Yahoo account -- it wasn't my account that was compromised).
      • by MobileC ( 83699 )

        Not just address book.

        I had mail sent to everyone in my Sent Items too, so they were trolling all the folders for addresses.

  • by Bitsy Boffin ( 110334 ) on Sunday February 10, 2013 @09:57PM (#42855151) Homepage

    http://www.stuff.co.nz/technology/digital-living/8287236/Xtra-email-accounts-compromised [stuff.co.nz]

    The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control.

    "We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge," the company said in a statement.

  • by NewtonsLaw ( 409638 ) on Sunday February 10, 2013 @10:22PM (#42855335)

    I got hit by this last week and blogged about it [aardvark.co.nz], griping that surely a company with the resources of Yahoo should be able to fix such a critical flaw faster than seems to be the case.

    It would appear that Yahoo is happy to announce "fixexd" while the hackers simply exploit yet another hole in the company's shaky cloud.

    Tragic.

    Would Google be so lax in sorting out what is clearly a very critical issue that is affecting a large (and rapidly growing) number of users?

  • by Anonymous Coward

    I tried to contact yahoo about spam from their servers.

    The email listed in their ARIN record doesn't work

    Abuse@yahoo.com points you to some stupid website

    and there's no way to contact anyone through that, or they turned it off.

    The above should be a criminal offense.

  • by sdnoob ( 917382 ) on Sunday February 10, 2013 @11:52PM (#42855743)

    is that you have someone else to blame when things go wrong.

    The bad thing about outsourcing....

    when things do go wrong, there's usually more than enough blame to go around, and you look bad too anyway.

  • by Anonymous Coward

    The only thing that could be regarded as surprising is that this did not happen sooner. Xtra is shit and Telecom are fucking clueless. This vuln was raised last year and Telecom sat around with their heads their asses to their shoulders. But the void of clue flock to them, believing the advertorial bullshit. They are the AOL of New Zealand, only worse.

  • I just sent this to a friend who uses Yahoo. His email was broadcasting spam late last week. He thought it was his PC but maybe not...

  • http://www.youtube.com/watch?v=GJsMRDyC9eY
    "This video has been removed as a violation of YouTube's policy on depiction of harmful activities. "

    One could repeat the very first comment about centralised services here too.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...