Telecom CEO Simon Moutter has ruled out compensation over the Yahoo Xtra security breach and phishing attack.
On a results conference call earlier today, Mr Moutter was asked if there would be any compensation credits.
He said there would not be any dished out (some pundits have suggested credit in the form of a month's free internet access).
Telecom was sorry about the incident, and Mr Moutter had talked directly with Yahoo's CEO. But cyber attacks were a fact of modern life, and Yahoo's webmail was a general service used by those beyond Telecom (although Telecom has branded it Xtra in its case).
Separately, Telecom has again sought to draw a line under the incident, saying its customers are no longer compromised.
On Saturday Telecom cancelled the existing passwords of approximately 87,000 accounts that were sending spam after a cyber attack. Since then more than 65,000 users have changed their passwords. The balance has been identified by Telecom as having been inactive for at least 90 days before the attack, the company says (see full statement below).
Mr Moutter sheepishly admitted he was one of those who clicked on a "phishing" link, leading to his contacts being scammed.
But some, including government-funded NetSafe and the Institute of IT Professionals NZ, are more worried about the separate, direct security breach of Yahoo's mail servers could have lead to address books and email being downloaded for use in a future attack.
A graphic example of the fact phishing emails weren't just sent from the accounts of people who clicked on rogue links: One NBR reader received an email sent from the account of Capital & Merchant Finance director Neal Nicholls, currently jailed with no internet access.
Telecom and Yahoo say there is no evidence that happened. The Institute has countered that there isn't any evidence that did not occur.
Time will tell.
Mr Moutter's comments about cyber attacks being a fact of modern internet life notwithstanding, Telecom has launched a review of its email partnership with Yahoo.
RAW DATA: Telecom statement
TELECOM CUSTOMERS NO LONGER COMPROMISED FOLLOWING CYBER ATTACK
Telecom’s Yahoo! Xtra active email customer base, whose accounts were compromised due to a cyber attack, have now changed their passwords.
On Saturday Telecom cancelled the existing passwords of approximately 87,000 accounts that were sending spam after a cyber attack. Since then more than 65,000 users have changed their passwords. The balance has been identified by Telecom as having been inactive for at least 90 days before the attack.
Telecom CEO Retail, Chris Quin, says the majority of the users who were impacted made the changes required online by following detailed steps on Telecom’s website.
“We really appreciate the patience our customers have shown during what we know was a hugely stressful and inconvenient time for them. We share our customers’ frustration which is why we are conducting a thorough review of this situation. In the meantime, we continue to urge everyone to regularly change their passwords, not just those who have been impacted by this incident.”
All Telecom broadband customers receive a complimentary Yahoo! Xtra email account as well as other benefits such as a free Flickr Pro account for managing photos and video content.
Mr Quin says Telecom’s broadband customer base has remained stable despite the cyber attack and the team are working hard to ensure that does not change. “Most customers understand that their email and broadband account are not mutually exclusive.”
Yahoo! NZ general manager, Laura Maxwell-Hansen, says, ““Yahoo! places considerable focus on email security and we have and will continue to work hard to minimize the impact of cyber attacks.”
- Telecom has 450,000 broadband customers.
- Yahoo! Xtra email is offered free of charge to all Telecom broadband customers.
- The majority of compromised customers changed their passwords themselves, mostly online.
- The balance has been largely identified as inactive or infrequently accessed, meaning they had not accessed their email account for 90 days prior to the attack. These accounts will continue to have temporary passwords on them and the account holders will have to change their passwords before they are able to access the accounts.
- Telecom plans to contact those remaining account holders to ensure accounts are re-secured or closed.
- Yahoo! has assured Telecom that there has been no evidence that email accounts were accessed for any other reason than to send spam.