Spammers stuff PlusNet email accounts (again)
New email platform fails to stop the rot
Gaffe-prone ISP PlusNet has had its email database stolen and its users' accounts bombarded by spammers.
The attack first surfaced yesterday, when PlusNet punters reported that previously spam-free email addresses were being filled with unsolicited discount pharmacy marketing. Some forum posters report that a few of their webmail contacts have received more spam too.
In a statement, BT-owned PlusNet said: "It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their internet connections and computers are safe.
"We regret that this has happened but are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur."
The news is a huge blow for PlusNet, which recently completed migration to a brand new £250,000 NetApp email platform. The BT-funded investment was a central plank of the Sheffield-based ISP's plan to recover its reputation following the battering it took in these pages before it was bought out.
PlusNet directors have admitted that under-investment as an independent firm last year led to a seemingly unending series of blunders where data was deleted and angry users cut off, provoking an exodus from its packages.
The last time accounts suffered from a spam attack, this April, mid-way through migration, the firm said its new hardware would remedy its email problems.
PlusNet has not revealed whether it has been hacked or if the data was obtained illegally some other way. It said it was still investigating the spam attack and would provide more info this afternoon. ®
Just email addresses?
Unfortunately I don't believe that just email addresses were compromised. I can't remember whether it was 2001 or 2002 but back then, criticalmass got righteously hacked. A slowdown in service was reported but it wasn't until many hours later when criticalmass went down that NOC figured out that the slowdown was a DDOS against one of the others to distract from the hacking attempts on criticalmass. They needn't have bothered as neither were noticed.
CS staff were told to keep quiet about the hack and it was reported as a server failure. What was even worse was there was a plaintext list of passwords on each of the cgi servers. A mass email was sent out advising people to change their passwords but leaving out why. A week later it transpired that someone had left the plaintext list on the new server in a web accessible directory so another round of emails about changing passwords went out.
All the while, no one knew that criticalmass had been hacked except staff. Nice. At least this time they are admitting to the hack but is there anything that management aren't admitting to?
Ah! That explains it, then
As I live over five miles from my nearest phone exchange I was rather short'n'curlied when it came to choosing an ISP to provide DSL to my line - the choice was between BT and PlusNet. Having had such abysmal service from BT when I was on dial-up, I chose PlusNet.
'Nothing could be worse than bloody BT' I thought... how wrong I was.
At the time I signed up with Plus, they asked for an alternative email address (alt to the webmail service they provide as part of the package). Foolishly, I gave them my personal Yahoo webmail address.
I've had various Yahoo accounts for years: those that have been used for mailing lists, usenet groups, bulletin boards and so on have inevitably become spam-clogged eventually. But I've guarded the 'personal' one jealously: it's never been published and my correspondents have respected my requests to keep it out of WAB; out of the CC field, and off the web: consequently, despite having used it daily for six years I've very rarely had more than a couple of iffy mails a week in it.
In the past few days my account has been deluged with spam, mostly for pharmaceuticals and software. I was perplexed until I read The Register's story (and the follow-up on the closure of PlusNet's webmail). Not only has PlusNet let spammers nick my PlusNet email address (which I only use to check their billing notification is correct) but they've given the baddies my long-established Yahoo address for good measure.
About the only thing that PlusNet seems to do reliably is bill for their service - though it wouldn't surprise me if they've managed to give my bloody credit card details to the Russian mafia as well.
The spam cock-up is the last straw. I know most ISPs are as bad as each other and, as I said, my choice here is limited. But I'm fucked if I'm going to pay PlusNet another penny - I'd sooner go through the tedious process of transferring the DSL to someone less incompetent. Bastards!
And, of course, had I not been an avid El Reg reader I'd have no idea who the culprit was because PlusNet has not told its customers anything, leaving them to find out by burrowing deep into its crap web portal.
Number 7 in the UK's Most Spam Targeted ISPs...
We have just finished analysing 2 years of spam data and it may be no surprise to some that PlusNet ranked 7th in our chart of the most spam-targeted UK ISPs...
Looking at our statistics for yesterday we have seen an alarming increase in spam for PlusNet customers - shooting up a massive 62% against the same period last week.
The worrying thing about this is that it appears that some of the targeted email accounts have not been used for several months. This could be a sign that the email addresses have either been stolen by hacking into the PlusNet systems or even sold to the spammers by an insider.
Spam gangs are now targeting UK ISPs much more effectively using new techniques that are easily able to bypass standard spam filters. The cost of these attacks to the ISP can be enormous - they clog up mail servers, slow down customers' Internet access and can cause physical damage to customers' computers if they contain Viruses or Trojans.