Slashdot Mirror


Widespread Compromise Of Yahoo-Backed Email In New Zealand

First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider, indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."

4 of 47 comments

  1. bellsouth.net accounts too by Anonymous Coward · Score: 2, Informative

    I have a bellsouth.net DSL account email address and I have seen spam originating from my own account sent to all addresses in my contact list. Something majorly borked at Yahoo.

  2. Additional Media Article, Confirms Compromise by Bitsy Boffin · Score: 4, Informative

    http://www.stuff.co.nz/technology/digital-living/8287236/Xtra-email-accounts-compromised

    The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control.

    "We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge," the company said in a statement.

    --
    NZ Electronics Enthusiasts: Check out my Trade Me Listings
  3. Re:Spoofing sender e-mail address by Bitsy Boffin · Score: 4, Informative

    The headers of all these SPAM messages indicate traversal from the Yahoo SMTP servers, and the SPAM were targeted specifically at people in the victim's address book. It wasn't a simple Joe Job.

    --
    NZ Electronics Enthusiasts: Check out my Trade Me Listings
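
The header check described in the comment above, as an added example that is not part of the original thread: it separates mail the provider's servers really relayed from a Joe Job by trusting only the Received line written by the recipient's own server. The host names, the Postfix-style header layout and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumed, hypothetical names: the recipient's own MX and the provider's relay domain.
OUR_MX = "mx.recipient.test"
PROVIDER_RELAY_SUFFIX = ".mail.provider.test"

# Postfix-style hop: from <helo> (<rdns> [<ip>]) by <host>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)", re.I)

def boundary_hop(msg):
    """Return (helo, rdns, ip) from the newest Received line stamped by OUR_MX.

    Received lines are prepended, so everything below the one our own server
    wrote was supplied by the sending side and can be forged.
    """
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(raw.split()))  # unfold continuation lines
        if m and m.group(4).lower() == OUR_MX:
            return m.group(1), m.group(2).lower(), m.group(3)
    return None

def classify(raw_message):
    hop = boundary_hop(message_from_string(raw_message))
    if hop is None:
        return "unknown"
    rdns = hop[1]
    if rdns.endswith(PROVIDER_RELAY_SUFFIX):
        return "sent-via-provider"   # provider's servers really handed it to us
    return "spoofed-sender"          # From: names the provider, the path does not

TAIL = "From: victim@provider.test\nTo: friend@recipient.test\nSubject: hi\n\nbody\n"

# Constructed sample: handed to our MX by the provider's outbound relay.
RELAYED = (
    "Received: from nm1.mail.provider.test (nm1.mail.provider.test [192.0.2.10])\n"
    "\tby mx.recipient.test (Postfix) with ESMTP id A1; Mon, 11 Feb 2013 10:00:00 +1300\n"
    "Received: from [10.0.0.5] by web1.mail.provider.test via HTTP; Mon, 11 Feb 2013 09:59:58 +1300\n"
    + TAIL)

# Constructed sample: Joe Job with a forged provider hop below the real one.
JOE_JOB = (
    "Received: from bulk.elsewhere.test (bulk.elsewhere.test [198.51.100.7])\n"
    "\tby mx.recipient.test (Postfix) with ESMTP id B2; Mon, 11 Feb 2013 10:05:00 +1300\n"
    "Received: from nm1.mail.provider.test (nm1.mail.provider.test [192.0.2.10])\n"
    "\tby relay.provider.test with ESMTP; Mon, 11 Feb 2013 10:04:00 +1300\n"
    + TAIL)

if __name__ == "__main__":
    for name, sample in (("relayed", RELAYED), ("joe job", JOE_JOB)):
        print(name, "->", classify(sample))
```

A "sent-via-provider" result only shows the message left the provider's infrastructure; it does not say whether the account was phished or abused some other way.
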
  4. Re:Related to huge spike of spam? by pepty · Score: 3, Informative

    They didn't get your password; a service Yahoo set up for developers conveniently allows hackers to get your session cookie. For whatever reason, they haven't patched it.