ISP PlusNet has had its email database stolen and its users' accounts bombarded by spammers, AGAIN!

The attack first surfaced yesterday, when PlusNet punters reported that previously spam-free email addresses were being filled with unsolicited discount pharmacy marketing. Some forum posters report that a few of their webmail contacts have received more spam too.

In a statement, BT-owned PlusNet said: "It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their internet connections and computers are safe.

"We regret that this has happened but are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur."

PlusNet has not revealed whether it has been hacked or if the data was obtained illegally some other way.

The news is a huge blow for PlusNet, which recently completed migration to a brand new £250,000 NetApp email platform. The last time accounts suffered from a spam attack was this April, mid-way through migration, at which time the firm said its new hardware would remedy its email problems. (source)

 

One unlucky PlusNet user contacted PJC Journal to confirm that they had received a comfort email from BT/PlusNet advising that it has assembled a task force, which includes a board director, to address the issue. The company is requesting that people do not contact customer services about it, as it is trying to contact those affected.

It would appear that PlusNet have a very lax email creation policy, which allows email addresses in the form of anythingyoulike@username.plus.com, so one can make up lots of throwaway addresses. That would only hinder any enquiry to identify who had the lax security! Almost sounds like a spammer's paradise.

There is also speculation amongst users as to whether the legally required data retention areas of the PlusNet system have been hacked, releasing details of users' sent and received emails.

There have been warnings by many security experts that this would eventually happen and that the "keeping all of your eggs in one basket" method is inherently dangerous.

There does need to be a full and detailed report from the task force, an undertaking to the users of this service that PlusNet will take responsibility for its lack of security, and a considerable investment made in tightening up that back-end security.

 

For its lack of due diligence in securing customer details, this organisation may be an ENABLER of ID fraud.