Webmail Security Breach - Update

Article posted by dhookham on Monday, 21-May-2007 20:56 PM

Following the malicious third-party attack which resulted in a list of email addresses being obtained from one of the Webmail servers, PlusNet took the unprecedented decision to withdraw the Webmail service across all of the vISPs on Wednesday the 15th May. Since then staff have worked around the clock to build a replacement platform for customers using SquirrelMail, which they already had experience of because it had been used for MetroNet customers. The system went live on Saturday evening. PlusNet have said that this will remain in place for at least the next six months whilst they carry out a full evaluation of possible alternatives.

Meanwhile, some customers are experiencing an increased level of spam, including unwanted mail arriving in mailboxes which were previously spam free. PlusNet are working on a project to provide spam filtering with the aim of reducing the load on their email servers. This project is being rolled forward and it is hoped that a free spam filter will be made available to all customers by the end of May.

Last week PlusNet were at pains to point out to customers that other account details were not put at risk, as the Webmail platform is separate to the systems used for storing personal information. However, they went on to advise customers to change their current password as a precautionary measure. PUG believe that changing your password on a regular basis is a worthwhile practice, irrespective of any foregoing security breach.

This raised a secondary issue, in that PUG and many IT professional users consider PlusNet's implementation of an eight-character password to be an insecure system. Following strong representation from PUG and the userbase, PlusNet will be enabling the use of stronger passwords from Wednesday of this week.

Existing customers will retain their current passwords; however, any new accounts or changes to existing passwords will require the creation of an 8-16 character password consisting of characters from the range:

!#$%&()*+,-./:;<=>?@[]^{|}~
0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz
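
As an added example (not PlusNet's or PUG's code), the following Python checks a candidate password against the length limits and character range listed above, and estimates the keyspace at 8 and at 16 characters. The function names are hypothetical, the sample passwords are constructed, and the bit figures assume every character is chosen uniformly at random.

```python
import math

# Character set copied from the three lines in the article. Note what is
# absent: space, both quote characters, backslash and backtick.
SPECIALS = "!#$%&()*+,-./:;<=>?@[]^{|}~"
DIGITS = "0123456789"
LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz"
ALLOWED = frozenset(SPECIALS + DIGITS + LETTERS)
MIN_LEN, MAX_LEN = 8, 16


def check_password(candidate):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append(f"too short: {len(candidate)} < {MIN_LEN}")
    if len(candidate) > MAX_LEN:
        problems.append(f"too long: {len(candidate)} > {MAX_LEN}")
    # Report each out-of-range character once, in a stable order.
    rejected = sorted({ch for ch in candidate if ch not in ALLOWED})
    if rejected:
        problems.append(
            "characters outside the range: " + " ".join(repr(c) for c in rejected)
        )
    return problems


def keyspace_bits(length):
    """Upper bound in bits, assuming uniformly random characters (assumption)."""
    return length * math.log2(len(ALLOWED))


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["Tr0ub4dor", "correct horse", "short1!", "Xq7#mV2{pL9~wZ4@"]:
        print(repr(sample), check_password(sample) or "accepted")
    for n in (MIN_LEN, MAX_LEN):
        print(f"{n} random characters: about {keyspace_bits(n):.1f} bits")
```

Human-chosen passwords fall well below these upper bounds, so the figures describe the ceiling the policy allows rather than the strength of any particular password.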

PlusNet have posted a FAQ about the incident here

Update

A full report of the Webmail attack incident is available here
Article last edited on Monday, 21-Jan-2008 20:54 PM