Unfortunately there does seem to be a lot of confusion floating around.
The way I read it so far is:
If you don't get an email from the first batch then you never used to webmail service during the timeframe the hack occurred unlikely to be affected by the trojan.
The second batch of emails is along the lines of you didn't use webmail during the timeframe but have had you email address harvested hence the spam
And finally an email to everyone saying sorry, hopefully with this is what went wrong, this is what damage it has done and this is how we are going to manage the risk in the future.
Paul
Plus Net - maxDSL - premier....or whatever its called now
Draytek Vigor 280VG running 2.7_E38 firmware