back to article PlusNet blames itself for webmail spamfest

PlusNet has accepted blame for its latest email blunder, having previously fingered vulnerabilities in third party webmail software for last week's security flap. The Sheffield-based ISP admitted late yesterday that it was its implementation of @Mail's webmail code which exposed thousands of subsciber email addresses and …

COMMENTS

This topic is closed for new posts.
  1. Tom Melly

    Blames itself? Well, sort of...

    ...but you had to read between the lines.

    They refer to "A vulnerability within our implementation of Webmail", but, IMHO, this is hardly the most direct way of putting it.

  2. Anonymous Coward
    Anonymous Coward

    PlusNet Blames Itself

    As a PlusNet customer, I'm sure I speak for many when I say that we blame them too!

  3. Jolyon

    Just webmail or more insecurities?

    The address I am getting spammed on is the one I used to sign up to PlusNet's services.

    It is not in a PlusNet hosted domain and if I have ever used PlusNet's webmail service it would not have been to check mail delivered to this address.

    I have never used the address for anything else.

    If a flaw in the webmail system allowed access to this address why not all the other data I used when signing up?

  4. Anonymous Coward
    Anonymous Coward

    Re: Just webmail or more insecurities?

    Apparently, the server affected had past and present account/user/mailbox names, and for some reason even those of people who had never used the webmail service. Address and financial details are kept on separate servers (as reported by PN) and the logs pertain to show that no hopping between servers took place (again, as reported by PN).

  5. Anonymous Coward
    Anonymous Coward

    Re: Just webmail or more insecurities?

    As a result of this break in, I am being spammed on non PlusNet addresses, too.

    I do not believe that it is just the webmail details that were broken into. I suspect that what they got into is the log for the police of every email address to which I have sent email, or from which I have received email.

    Of course Mr Home Secretary (whichever one you are this week) all the data that you require will be kept absolutely secure! ID Cards? No I promised I wouldn't swear!

  6. Anonymous Coward
    Anonymous Coward

    Bugger

    Like some other people have mentioned in the other comments I took advantage of having a domain name and used different email addresses on each web or company signup so I could figure out any company that had slipped my email address to spammers. It's a great strategy meaning Outlook junk mail rules dump anything not sent to my whitelist of addresses - except that having used the web interface as well as pop3 I'm now getting spammed on those addresses.

    This is just the last straw after spammers started using my domain as a fake "from" and thus I get all the bouncebacks, spam warnings and also some of my email gets filtered by stupid basic domain blocking (even though none of the spam actually came from plusnet or my IP addresses).

    I'm dumping the domain (with all the hassle of letting all my friends know and changing all my signup addresses) and I'm dumping PlusNet.

  7. Slinknet

    PlusNet Email Compromise

    I think it's high time that PlusNet owned up to their responsibility in the recent hack attack in which customers email accounts and address books were stolen, and offerred compensation to those that are now stuck with all this spam. Many of us are unable to alter email accounts from the address book as they are work accounts. The response form this company falls far short of sufficient.

This topic is closed for new posts.

Other stories you might like