Telecom NZ cancels 60k Yahoo Xtra passwords amid attack

Summary:In addition to the 15,000 password resets it has already issued, Telecom NZ has cancelled another 60,000 as a precautionary measure.

Telecom New Zealand has started cancelling the passwords of about 60,000 Yahoo Xtra email accounts that it believes have been compromised following an online attack.

The users will need to enter new password information when they log in to their email account.

The 60,000 customers affected by Saturday night's password cancellation are additional to the 15,000 customers that Telecom has been contacting following last weekend's attack.

The move is aimed at protecting email customers and preventing information in emails being accessed. There is no evidence that this has occurred.

"We're taking this matter very seriously, and urge those whose passwords have been cancelled to create new passwords," Telecom retail chief executive Chris Quin said.

"However, it's advisable for all others that have not changed their password to do so immediately." This should be done on computers and mobile devices.

"We continue to be sorry for any distress caused or inconvenience this has caused, and reinforce that in today's online world, regular password changes are an important need."

Telecom has not revealed how the previous accounts were breached, but Yahoo's email system was targeted earlier this year in a related attack. At the time, attackers used a vulnerability in its developer blog that had not been patched for eight months .

Although this vulnerability has been closed, many Yahoo members still appear to be sending the "work from home" emails that were part of the original attack on Yahoo, without their knowledge. This indicates that scammers still have access to a number of accounts from the attack using the developer blog, or that they may have found a second vulnerability.

Michael Lee contributed to this report.

Topics: Security, New Zealand, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.