Slashdot Mirror


ISP Closes Webmail After Spammers Get Addresses

An anonymous reader writes "Error-prone British ISP PlusNet, who you might remember for accidentally deleting 700GB of customers' e-mail last year, have done it again with a major security gaffe. Their webmail service was compromised this week, and spammers got hold of customers' e-mail addresses who they've been happily spamming away ever since. They've since made the decision to close their webmail service, in the ultimate admission of incompetence for the now BT-owned ISP. In an e-mail to their customers, Network director Phil Webb goes on to recommend that their customers install security software, along with telling them that they shouldn't call up to complain. One might suggest that they need to practice what they preach."

  1. Erm ? by mewt · · Score: 3, Funny

    Oh well who needs email anyway ?

    1. Re:Erm ? by owlnation · · Score: 4, Funny

      Old people. In Korea.

  2. Not surprising by Zelos · · Score: 4, Informative

    Not all that surprising, this is a company whose account password policy is 5-8 characters, all lower case, no non-alphanumeric characters. I've been with plus.net for ages, they seemed fantastic after my truly awful experiences with Demon, but they've been much worse recently - they broke routing recently so that I couldn't connect to my work VPN for days. Anybody recommend any other decent UK ISPs? I hear good things about Pipex.

    1. Re:Not surprising by russasaurusRex · · Score: 2, Informative

      Recommend another ISP? Sure. I've used Freedom2Surf for just over 4 years now and haven't had a problem with them once.

    2. Re:Not surprising by glesga_kiss · · Score: 2, Informative

      If you live in a Virgin (NTL) area, I'd recommend their connection. I've had it for 6+ years, very few outages. Got the 10 meg one at the moment, get full speed whenever the remote site allows.

    3. Re:Not surprising by easyTree · · Score: 2, Informative

      Then there's this (I shit you not) - please bear in mind that I'm not a Pipex customer, nor have I been during the last *five years*:

      --
      Dear Sir or Madam

      You may have noticed that we have not fully charged you for your Pipex services to date. This means your account has an outstanding balance of £46.88, which we plan to take payment for through debiting your credit card on or around 25th May 2007.

      We're really sorry for this mistake, which was caused by a problem with our internal systems not identifying when payments were due at the time. This is now fixed and we assure you that once we have collected the outstanding amount you will be fully up to date with all payments and we won't trouble you again with this matter.

      If you think we have got this wrong or would like to discuss this matter please do call our Credit Control Team on 0800 107 5905. Our office opening hours are Monday to Saturday 8am-9pm.

      Once again, please accept our apologies for any inconvenience this may cause.

      Yours sincerely,

      John Cox
      Associate Director of Credit
      Pipex Credit Control
      --

  3. Waiter, Can I have the bill please? by jamesjw · · Score: 3, Insightful

    Honestly, if this happened to me, not only would I feel it my right to complain but to also seek out a new ISP.

    Nothing completely short of complete incompetence!

    --
    -- If at first you don't succeed, lie!

  4. How your post reads - at a first glance by carpe_noctem · · Score: 2, Funny

    Why should we expect anything more than incompetence from shelleytherepublican.com? They probably run the inferior shelleytherepublican.com software anyway. Their lack of morals and shelleytherepublican.com is something only satanist democ-rats and shelleytherepublican.com could empathize with.

    While their Great Leader, shelleytherepublican.com, was in power, we could trust our oldest allies to loyally support our victory against the Iraqis, but alas, no more. I believe the only real solution is to liberate this backward nation, before it becomes a threat to our shelleytherepublican.com and forces us to use communist European shelleytherepublican.com.

    (With special thanks to the /. auto-linking URL system)

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K

  5. They sent an email to their customers?! by Rik+Sweeney · · Score: 5, Insightful

    Their webmail service was compromised this week, and spammers got hold of customers' e-mail addresses who they've been happily spamming away ever since. They've since made the decision to close their webmail service, in the ultimate admission of incompetence for the now BT owned ISP. In an e-mail to their customers...

    It's unlikely they'll actually be able to read this email given the fact that they're now drowning in spam...

  6. Lost emails by SuperGT · · Score: 5, Insightful

    I always worry about this. I use my gmail account as a sort of backup, just in case my laptop decides to fail. And I also keep loads of emails there with important information I may need later. I treat it as my safety net, but what if this was to happen? I understand that google and this ISP are probably years apart (as far as security and technology), but it still makes you wonder. Now I feel like making a backup on a thumbdrive, saving it on a dvd-r, etc.

  7. units, people, watch your units. by mapkinase · · Score: 3, Insightful

    "700 Gb" does not seem much (divide by gmail box size and you get the number of 200 maxed out beefy gmail users), because it is an idiotic measure of stolen goods. "X raped whopping 500 women pounds", "Y stole 4500 banknotes from the bank", "Z trespassed 100 feet of my property".

    Reminds me of the Russian cartoon for kids, where different animals measure their sizes relative to the sizes of other animals, and in the end the Python says "I am much longer in Kakadoo than in Elephants".

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.

  8. Security software by Mostly+a+lurker · · Score: 3, Insightful

    Network director Phil Webb goes on to recommend that their customers install security software, along with telling them that they shouldn't call up to complain. One might suggest that they need to practice what they preach."
    A few comments:
    1. They almost certainly were using security software. The problem is that it is awfully difficult to judge effective security software from the much more common snake oil that is out there.
    2. There is a decent chance that the breach was not the fault of the security software but some kind of human error. They probably made the common mistake of assuming all they had to do was install firewall, intrusion detection and anti-malware tools and they were magically fully protected.
    3. This kind of event will probably become commonplace. There is a lot of money to be made, the crackers are technically more competent than much of the sysadmin community, and they only need to attack at the weakest points.

    1. Re:Security software by Serious+Poo · · Score: 2, Insightful

      No offense intended, but when you say "almost certainly", "there's a decent chance", and "will probably" that means that you don't really know and are making assumptions and/or generalizations. I'm not so forgiving in my view of this ISP's actions - it appears that they messed up big time. While I completely agree that there's a lot of FUD in the security marketplace these days, it's the responsibility of management to hire people who know this stuff cold. People who know that it's "People, Process, and Technology" - in that order. Any company that goes and implements Technology (i.e., a security product) without first considering People (e.g., training & hiring competent people) and Process elements (e.g., adequate supporting policies, procedures, security architectures, reviews/audits) is at considerable risk of failing by design. Companies that make money from processing/storing/selling/brokering people's sensitive information have a responsibility to safeguard their customers' data. This ISP appears to have failed in that regard.

      --
      "There is nothing more unequal than the equal treatment of unequal people." - Thomas Jefferson

  9. This is *not* a solution! by The+tECHIDNA · · Score: 2, Insightful

    From PlusNet's letter:
    In the meantime, if you use Webmail to check your PlusNet email from your own PC, you might find it more convenient to use an email program which runs on your PC instead.

    So let me get this straight: PlusNet's closing down the WebMail service, but leaves the main e-mail server running, so

    (1) the spam still comes in to the e-mail addresses
    (2) users now cannot access via their Internet Browser and must use an e-mail client which may not filter spam as well (or sometimes at all)

    Brilliant!
    Who's running this company -- Moe, Larry, or Curly?

  10. The same Freedom2Surf that were bought by PIPEX? by TheScienceKid · · Score: 4, Informative

    PIPEX are looking to be bought out. Maybe by tiscali.

    Get a real ISP, like Black Cat Networks or Andrews and Arnold Ltd. Alternatively, UKFSN (an Enta.net reseller) are pretty good, if you're tighter around the pocket.

    [Captcha: protests]

  11. I understand other BT costumers aren't happy... by Bananatree3 · · Score: 2, Funny

    Like, um...this guy.

  12. Data Protection Act? by Phil246 · · Score: 4, Insightful

    Customers of this ISP may want to check to see if they can take action against them under the Data Protection Act.
    In particular, the sections:
    "Personal data should be securely kept, and not transferred to any other country without adequate protection."
    and
    "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

    ( http://en.wikipedia.org/wiki/Data_Protection_Act )

    1. Re:Data Protection Act? by Peet42 · · Score: 2, Informative

      It's a pretty sad state of affairs. I used to be with Plus Net, and they used to be really good. I dropped their service when they sacked a lot of their technical guys and hired a premium-rate call centre to handle their technical queries through a very s...l...o...w... script instead of just talking to you on an ordinary national-rate 'phone line to talk to someone who actually knew what was going on. The guys in the call centre used to look at the same web page as I did to find out if there were any problems.

      But the most impressive thing about the article remains the idea that they closed their webmail service, and then emailed their users to tell them...

  13. Re:I'm one of the victims... by Anonymous Coward · · Score: 2, Informative

    I've been with PlusNet a long time, they used to be excellent, however as has been observed their service is NOT what it was and is getting worse.. Thanks to their incompetence I am now getting dozens of SPAMs each day on an account that never got any (I keep it to friends and family). All the family have had to turn on SPAM filters for their accounts, and yes that was and is possible if you watch who you give email addresses to.

    This time PlusNet waited days to tell us what had happened. (I assumed a close friend's system had been infected and skimmed, I never even thought the ISP had screwed up).

    Information was the minimum they could pass on, I still have no idea if the SPAMMERs had access to the emails, but I assume they did, fortunately I never pass sensitive data in emails, but a LOT of people treat email as if it was a real letter..

    I think the best part is the pointer to their web site in the email they eventually sent out. It has "Tips on avoiding SPAM".. I read it and somehow they left out "And no matter what you do we can publish your address and all your efforts come to nothing."

    They've not only been throttling P2P (I found it quicker to download the UBUNTU Feisty ISO via HTTP than over Bittorrent!). They are obsessed with pushing you to use their Website rather than calling them. I've always recommended that you don't use an ISP which doesn't have a reasonably priced phone number. My last query on the PlusNet "No Help Now" website was ignored for a week until I *had* to phone them.

    I left BT because of the appalling service and now I am looking to move off PlusNet, fortunately the UK opened up the exchanges so I have a wide choice, it's just a matter of finding one that offers a decent customer support and isn't being ruined by BT.

  14. Re:let me get this straight... by Bert64 · · Score: 4, Interesting

    0845 is _NOT_ local rate...
    It is LO-CALL rate, which is a revenue sharing service. It is charged at the same cost local rate calls used to be in the early 90s, and it is always charged by the minute regardless of your phone service plan. Also, inclusive minutes usually don't count for calls to 0845 numbers.
    BT charge a flat rate of 5p for a 1 hour national landline call at evenings and weekends on their lowest call plan, a 1 hour evening or weekend call to an 0845 number would cost 120p evenings and 60p weekends. BT's higher calling plans (options 2 and 3) charge you nothing for the first 60 minutes to a national number at evenings or weekends (again 0845 aren't included) and in the case of option 3, also during the day.

    What's worse is, a share of the call revenue goes to the company operating the number (which is why BT can't offer free calls to 0845) which gives these companies an incentive to keep you on hold.
    In essence, 0845 really is premium rate. It may be a lower per-minute cost than 09 premium rate numbers, but it works in just the same way.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!

  15. Try Andrews and Arnold by gentry · · Score: 2, Informative

    Andrews & Arnold (http://www.aaisp.net.uk/) have been excellent for me. IPv6, as many IPs as you need, excellent customer service, free domain with a standard ADSL account, unlimited downloads in the evening, IMAP/POP/webmail access with antispam & virus. I've been with them for a few months now and they have been by far the best ISP I have come across in the UK. They do limit usage during the day (I'm on 1GB a month during 0800-1800 Mon-Fri), but over usage is charged in small increments, should you go over it. I'm a pretty heavy user, and I've still not managed to hit my usage limit. If you look on the web site they have an IRC channel where users and staff are happy to help out and answer any questions about the service.

  16. Re:Captcha by Darthmalt · · Score: 2

    Means that his captcha word was "protests". Sometimes the randomly generated words match the story / comment so people post it at the bottom of the comment as an amusing sidenote.

  17. Re:I'm one of the victims... by AndrewM1 · · Score: 2

    They are obsessed with pushing you to use their Website rather than calling them.

    Seems so appropriate