In reply to:
From the logs we can see who logged in to webmail and to which server. From that we made a list of those who logged into the affected server during the time and those were emailed.
Either the email hasn't gone out yet - or they've cocked this up as well. I definitely logged into a compromised server and haven't been sent an email
I've contacted them to see what they say ...
In reply to:
Sounds like you only need to change the password if you get the 'trojan' email. That's if you can distinguish the trojan email from the spam
Just to be clear the trojan that's being talked about wasn't delivered in an email - the hacker modified the HTML of the webmail interface so that your browser would try to download a trojan file as part of the page ...