Topic: Spam being received on Private e-mail addy
lmartin

Posts: 1404


Comms Team

« Reply #120 on: May 15, 2007, 04:09:05 pm »

Hmmmm.....

If the spammer didn't use the database for 6 months would we have been informed of this breach?

I think you would.  The same investigations would have taken place, it just may have taken longer to find the answers.  The end conclusion should have remained the same though.  The discussion / reports in the forums would have been the same, only 6 months later.

Liam Martin
PlusNet Comms Team
lmartin

Posts: 1404


Comms Team

« Reply #121 on: May 15, 2007, 04:11:16 pm »

I am confused.
The link provided in the service status says this
Quote
If you change this password you will also need to update the password on your broadband modem or router, or you will not be able to connect to the Internet. This password change does not affect passwords for any mailboxes you have set up.
but the passwords/accounts which have been compromised are from webmail and you need the email password to access that.
So what may have been compromised - account password, email password or both?

Your default mailbox password is the same as your account password.  Any additional mailboxes that you have set up may be set up with different passwords depending on what you suggest.

If you are wishing to change your passwords as a precaution, then it would make sense to change the password of any mailboxes that you have logged into webmail with at the time.

Liam Martin
PlusNet Comms Team
RogN

Posts: 21

« Reply #122 on: May 15, 2007, 04:14:17 pm »

Quote

If the spammer didn't use the database for 6 months would we have been informed of this breach?


If that scenario had been true the raider could have continued to collect further information, because PN only knew of the security breach from the spam emails, not from any checks they have made. Customers were only told because they informed PN of it, otherwise, I reckon it would have gone where the last lot of lost emails went.
dusty_bin

Posts: 84

« Reply #123 on: May 15, 2007, 04:21:55 pm »

Regarding this:
Quote
We have also identified that a small number of customers may have been affected by a Trojan virus. There has been no compromise of your personal details or credit card data held by us.
Our records and network monitoring indicate that there is a small chance that your PC may have become infected with a Trojan virus. While we would stress that the threat is minimal, we would ask you to take the following steps in order to ensure that any potential risk to your system is mitigated...
So which 'system'? Is this referring to the machines that might have been used to login to webmail?

Quote
One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed.
This is a different issue from the above, right?


lmartin

Posts: 1404


Comms Team

« Reply #124 on: May 15, 2007, 04:23:56 pm »

Both points relate to the same compromise.

With regards to following the steps given, it would be the systems on which you accessed Webmail, if they were not patched with the latest Windows Updates or protected by up-to-date AV software.

Liam Martin
PlusNet Comms Team
Oldjim

Posts: 1016

« Reply #125 on: May 15, 2007, 04:28:27 pm »

Liam,
It is still not clear.
The service announcement says
Quote
One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed. Purely as a precaution we advise customers to change their account password by visiting our website https://portal.plus.net/my.html?action=change_password&s=0 Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.
So are you saying that the email passwords have or have not been compromised? Also, if one logged into webmail from the portal, having already logged in using the account password, is the account password at risk as well as the mail password?
Peak1

Posts: 4

« Reply #126 on: May 15, 2007, 04:36:41 pm »

Liam,

If someone has a username and password from the WebMail servers they can then log in to the Member Centre. If this is done they have access to a person's name, address and telephone number as well as the full sort code for their bank/building society if they pay by direct debit. I've just checked and my sort code was displayed in full.

How can we be sure that this information has not been compromised?

Mark
lmartin

Posts: 1404


Comms Team

« Reply #127 on: May 15, 2007, 04:52:13 pm »

Right.  Let me attempt to clarify.

Only one of our six servers was compromised which resulted in the possible spread of a trojan to people that connected to the affected server and who weren't up-to-date with the latest Windows Updates or without adequate AV protection etc....  Additionally, as part of this, it is possible that customers who connected to the affected server during the incident, may have had their login details observed.   So, as a precaution, we recommend changing any mailbox passwords that you may have accessed (if you accessed webmail around or just before we resolved the actual compromise on Wednesday last week).  If it's the default mailbox you use on webmail, then that would be your account password.

Webmail is completely isolated from all our Sheffield based services, including the Portal servers and our core databases.

Liam Martin
PlusNet Comms Team
Peak1

Posts: 4

« Reply #128 on: May 15, 2007, 04:59:14 pm »

Liam,

If you have your default password observed then this would allow a hacker to login to the Member Centre and therefore access the name, address and sort code!! It doesn't matter that the databases are separate.

Mark
RonSlicker

Posts: 165

« Reply #129 on: May 15, 2007, 05:01:16 pm »

Quote
Right.  Let me attempt to clarify.

Only one of our six servers was compromised which resulted in the possible spread of a trojan to people that connected to the affected server and who weren't up-to-date with the latest Windows Updates or without adequate AV protection etc....  Additionally, as part of this, it is possible that customers who connected to the affected server during the incident, may have had their login details observed.   So, as a precaution, we recommend changing any mailbox passwords that you may have accessed (if you accessed webmail around or just before we resolved the actual compromise on Wednesday last week).  If it's the default mailbox you use on webmail, then that would be your account password.

Webmail is completely isolated from all our Sheffield based services, including the Portal servers and our core databases.

So...   the way I'm reading this is that there is only a problem if you happened to be using webmail at the time (or logging in to webmail)? Is that correct? If I was only using POP then there's no problem?
godsell4

Posts: 397

« Reply #130 on: May 15, 2007, 05:12:10 pm »

Quote
it is possible that customers who connected to the affected server during the incident, may have had their login details observed.

So Liam, if you were using webmail at 'the time of the incident' and logged in as lmartin+privatemail, would only the password for the 'privatemail' mailbox have been obtained, or would they now also have all passwords for lmartin+<anything>, including the password for the default account that would allow them access to the PN portal and Member Centre?

SW.

BBYW1/10GB
RogN

Posts: 21

« Reply #131 on: May 15, 2007, 05:12:21 pm »

"around or just before we resolved the actual compromise on Wednesday last week"

So PN knew about this in the middle of last week but only admitted to it when people started complaining about spam.
lmartin

Posts: 1404


Comms Team

« Reply #132 on: May 15, 2007, 05:24:02 pm »

Quote
Liam,

If you have your default password observed then this would allow a hacker to login to the Member Centre and therefore access the name, address and sort code!! It doesn't matter that the databases are separate.

Mark

There is little damage they could do, though.  They could update your payment details but not view all your current payment details.  They could raise a ticket on your account?  We have all sorts of protection in place for suspicious portal logins.  We talked about those when there was the suspected phpbb vulnerability that we patched earlier this year.  (e.g. multiple logins / denied logins / suspicious sources etc.. etc..)

Plus, what value is a password to a spammer anyway?  Even if they did manage to overlook any, it's highly unlikely (in my personal opinion) that they'll keep them.  They wanted to harvest email addresses, clearly, and they've done that now.  Damage done - and now we're paying the price.

I'm not trying to play down the seriousness at all.  But, really, the damage they could do on the Portal is, thankfully, fairly limited.

Liam Martin
PlusNet Comms Team
lmartin

Posts: 1404


Comms Team

« Reply #133 on: May 15, 2007, 05:24:33 pm »

Quote
So...   the way I'm reading this is that there is only a problem if you happened to be using webmail at the time (or logging in to webmail)? Is that correct? If I was only using POP then there's no problem?

Correct.

Liam Martin
PlusNet Comms Team
lmartin

Posts: 1404


Comms Team

« Reply #134 on: May 15, 2007, 05:27:39 pm »

Quote
it is possible that customers who connected to the affected server during the incident, may have had their login details observed.

So Liam, if you were using webmail at 'the time of the incident' and logged in as lmartin+privatemail, would only the password for the 'privatemail' mailbox have been obtained, or would they now also have all passwords for lmartin+<anything>, including the password for the default account that would allow them access to the PN portal and Member Centre?

SW.

Nothing has been proven, and we're recommending the change as a precautionary measure only at this stage.  However, if webmail was compromised, there is the remote possibility that the password you are transmitting to the server to log in (i.e. the mailbox password) could have been overlooked.  As I say, we've seen no evidence that this has happened, however.

It's up to individual preference though.  If you want to be as sure as you can, you should change all passwords.  And you could take it further by making it a habit to change your passwords every couple of weeks or so.  It's up to you - people have varying techniques to deal with online / PC security as best they can.  This is just our recommendation right now that it wouldn't be a bad idea, as a precaution, to change your password(s).
« Last Edit: May 15, 2007, 05:32:41 pm by lmartin »

Liam Martin
PlusNet Comms Team