What exactly does "obtained illegally" mean?

PlusNet, what EXACTLY does "customer email addresses have been obtained illegally by a third party" mean?

Also, whilst I'm not suggesting you'd be able to name the third party, for obvious reasons, how do you know it's a third party that has obtained them?

How have customer details been obtained by a third party? What happened for them to be able to obtain them - is there any idea at this stage?

By what date will all affected customers have been contacted, and how are you contacting them? How many customers have been affected?

I'm not, so far, happy with the statement which has been given by PlusNet as to what has happened here. Shouldn't a notice also be posted on the front page of the plus.net website so as concerned customers can immediately go to further information rather than having to look through a site that they possibly don't visit often and aren't aware of the location of some of the announcements? I realise such a message may seem damaging to PlusNet's reputation, but this incident would have seemed to have done that anyway.

I doubt that we'll hear too many more details now. Partially due to the way in which we all know PlusNet report these things but also because of the seriousness of this breach of security, some matters will literally be out of PlusNet's hands. Even some of the most open companies go into lock-down when something of this scale occurs, if any sort of customer databases are stolen or suspected of being stolen all sorts of people need to be informed and all sorts of procedures followed.

But yeah, all great questions

In reply to:

---

how do you know it's a third party that has obtained them

---

Unless a user receives spam from Plusnet, or spams themselves, then a 3rd party is involved.