Reports of Spam Email (42837) - UPDATE


Posted on: Tuesday 15 May 2007, 15:44

This is an update to the previously reported issue regarding the increased volume of unsolicited email being sent to some customers' mailboxes. A copy of the last update can be seen here:-

We are currently dealing with a serious security incident that has resulted in a third party illegally accessing our Webmail database. The third party has acquired a list of email addresses for the purpose of distributing unsolicited email (spam).

We take the security of our customers' information very seriously and would like to reassure customers that the incident is being handled with the utmost importance and that at this stage in the investigation we believe no other personal information, including credit card details, has been disclosed.

We would like to assure customers that our incident team are working around the clock with the relevant authorities in order to resolve the situation. We have conducted a full platform audit and our network and software engineers are currently taking a number of actions to minimise any further risks to customers.

We became aware of an attack on Wednesday 9th May 2007 and immediately took our Webmail service offline to secure the platform. We promptly identified the source of the vulnerability and implemented a fix to prevent further attacks. We will provide full details on the vulnerability and actions taken in the incident report which we aim to publish on Friday 18th May 2007. At present we are working with our vendors and legal authorities so cannot expand further on this.

As a result of the attack a small number of customers may have downloaded a Trojan virus. This will only have affected un-patched Windows PCs with no anti-virus software installed. We are contacting affected customers by phone and email. If you have not received an email from PlusNet customer support today regarding this, your PC is not affected. However we always recommend customers have fully up-to-date Windows software and anti-virus software.

On Sunday 13th May 2007 we received reports that customers were receiving spam emails to addresses that had not previously received spam. Following investigation of these reports it became apparent that a third party had illegally acquired a list of email addresses. This list was obtained from our Webmail platform and includes accounts that customers have used to login to Webmail, as well as some email addresses contained in customers' online address books, and addresses customers have sent to using our Webmail service. It is possible that your email address may have existed in the Webmail database even if you had not used the Webmail service yourself.

This list is now being used to distribute spam email which continues to be sent to customers, and it is likely that this will continue.

One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed. Purely as a precaution we advise customers to change their account password by visiting our website Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

We would like to sincerely apologise for the inconvenience to our customers and thank you for your patience whilst we continue to investigate and resolve this incident.

Further details will follow as they become available and a full incident report will be published on Friday 18th May 2007. In the meantime we would like to ask that you avoid contacting our Customer Support Centre regarding this issue as no further information is available at this time, we will provide all information that we have via Service Status and emails to customers.

Kind Regards,

Phil Webb
Networks Director

Return to Index