More info from Dave Tomlinson on the PN forum:
full post
In reply to:
From the logs we can see who logged in to webmail and to which server. From that we made a list of those who logged into the affected server during the time and those were emailed.
Many of these customers we emailed wouldn't be affected because they were protected from the trojan by either being up to date with Windows updates, having AV software that picked it up or not using an OS that would be affected.
If you didn't get an email then you wouldn't have logged into the affected server. You may still be receiving the spam because your email address was in the database but your PC itself wouldn't have been affected.
Sounds like you only need to change the password if you get the 'trojan' email. That's if you can distinguish the trojan email from the spam
Edit to Add : Not sure about whether their email was sent to those using webmail back to the earliest reported trojan spotting though or just on the 9tth. 4th-5th May I think is earliest one that I've seen. Maybe better safe than sorry if you've used webmail this month!
Edited by TheFlyingGribble (Tue 15-May-07 22:36:13)