"We’re taking this matter very seriously, and urge those whose passwords have been cancelled to create new passwords," Telecom NZ retail CEO Chris Quin said in a statement. "However, it’s advisable for all others that have not changed their password, to do so immediately both on their computer but also on mobile devices and tablets."
"Spammers allegedly exploited a security vulnerability in Yahoo's internal network to gain access to user contact details for customers of Telecom's retail ISP Xtra," writes iTnews' Juha Saarinen. "Hundreds of customers are still being bombarded with spam, some of which come from accounts used by their dead relatives."
"The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a 'second attack' that was outside customers' control," writes Computerworld's Tom Pullar-Strecker. "'We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge,' the company said in a statement."
"Yahoo! could lose its email outsourcing deal with the telco following the breach, according to a Telecom NZ spokesperson, who indicated the service may be pulled in-house," writes iTnews' Darren Pauli.
"Last night, customers attempting to change their passwords through the Xtra/Yahoo website were advised of delays of up to an hour," writes The New Zealand Herald's Shawn McAvinue.