Webmail Security Breach

Article posted by dhookham on Tuesday, 15-May-2007 22:28 PM

Following an attack on the webmail system, PlusNet implemented a fix on Wednesday 9th May to block a vulnerability. Unfortunately, it appears that there were a number of outcomes from the attack which were not immediately identified.

1. Users accessing webmail may have been exposed to a trojan. Although this will have been ineffective on fully patched Windows machines running regularly updated antivirus software, there is a possibility that some users were affected. PlusNet have contacted any affected user today.
Non-Windows users will not have been affected.

2. A list of email addresses was harvested from the webmail platform, and put into use by one or more third parties to send spam. These addresses include the user's own webmail address as well as email addresses used previously and entries in the online address book.

3. Users who connected to the specific webmail server that was attacked may have had their login details skimmed. Although the purpose of the attack seems to have been simply to harvest email addresses, we would advise anyone who has used webmail to change their account password as soon as possible as a precaution.

Further details are available here.

The PlusNet UserGroup are worried to see another security incident so soon after the problem with the portal forums earlier in the year. Once PlusNet have investigated the circumstances surrounding this incident, PUG will be pressing for better security audits to be performed as we do not believe it is acceptable for frequent breaches to occur.

An update to this story will be posted here as information becomes available.

PlusNet plan to publish a full report of the incident on Friday 18th May.
Article last edited on Monday, 21-Jan-2008 20:54 PM