Telecom's email users continue to be plagued by cyber-attacks after the company admitted they have suffered their third attack today.
Telecom reported this morning, about 1500 accounts which did not have their passwords changed after the earlier hackings, were affected by the latest breach on the Yahoo! Xtra email server.
Telecom has admitted this morning about 1500 accounts which did not have their passwords changed were hacked earlier this week.
Yahoo! which runs the email service for Telecom, identified the additional accounts were potentially compromised by spammers on Monday and Tuesday this week.
On February 9, 87,000 Yahoo! Xtra email accounts, out of the 450,000 total accounts, were compromised as part of a cyber-attack.
The accounts being misused by spammers was first noticed when Yahoo!'s email servers sent out hundreds of spam emails to users' contact lists forcing Telecom to cancel 60,000 passwords for compromised accounts, where spam emails were sent to contacts in their address books.
Telecom head of external media Jo Jalfon continues to urge Yahoo! customers their passwords after confirmation of an increase in the usual volume of compromised email accounts.
She says Telecom has moved immediately to cancel the passwords of the additional compromised accounts with affected customers needing to log back into their email accounts and change their passwords before they can continue using their accounts.
“While this is higher than usual, on any given day up to 100 accounts are tagged as compromised - due to a range of factors such as the account holder clicking on a malicious link, having poor email security - and the reality is that this issue is now a fact of life given the global nature of the internet and the increasingly sophisticated tactics of spammers and cyber criminals.”
Emails will still be received while their accounts are locked but they will not be able to send until they change their password.
Yahoo! continues to assure Telecom that there has been no evidence that email accounts have been accessed for any other reason than to send spam.