Can we be sure it was just webmail addresses?

If the problem was simply someone getting a list of email addresses, then why are we being advised to change our passwords ?

quote (from Plusnet email sent at 6.30pmm this morning) : .........

I would like to make it clear that the Webmail platform is separate to the systems we use for storing personal information such as credit card numbers and none of this type of information has been exposed as a result of this issue. However, purely as a precaution we would advise you to change your account password by visiting the Member Centre then clicking Account Details then Change Password.
Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

I've got to smile. PlusNet lecturing the users on the importance of keeping systems secure! Why o why have I not reached for my MAC code?

From what I understand someone compromised a server, and this is how the trojan got out, but for those using the server in this time frame they may have seen your email passwords and knowing how people often use the same ones for multiple purposes it seems a wise idea to change them.

It is possible that if some people are using sites that send a password to an email address when you request a new one, that some may have had them sitting in their webmail too.

In reply to:

---

It is possible that if some people are using sites that send a password to an email address when you request a new one, that some may have had them sitting in their webmail too.

---

The information so far provided by PlusNet seems to indicate that either a database or log files containing email addresses has been obtained.

They have not said that emails were possibly read or compromised; if this were the case then it

As I understand it, access was obtained to just the webmail databases. The emails are stored on the separate mail storage platform, the webmail server has to access these using pop3 or imap which is why on mailboxes with a lot of emails there is a long delay when you log in.

I think it is highly unlikely that the contents of emails (or even a list of the emails in a mailbox) has been obtained.

can we be sure that Pn have discovered the whole extent of the problem?

Can we really trust them with the info they pass out?

Perhaps only a very brave person would answer those in the affirmative.

Can someone at PlusNet confirm whether their system stores passwords direct or only a one way hash?

Thanks
Neil

I am working on the assumption that potentially someone on a server could look at the traffic, and if they got a few users passwords they could have used these to read the other bits of the inbox perhaps, since once you have the password I presume they could then look just like the legit user.

Hopefully we should know more officially on Friday.

I haven't been a Plusnet customer for a while now but I just started receieving spam from the email address I used to signup with plusnet. It's a claranet address. Definately not easily guessable or randomly spammable and it's only ever been used to signup with Plusnet.

So I'm guessing that more than their webmail got hacked.

I agree 100 per cent and although it

The address may well have been somewhere within the webmail platform. Unfortunately PlusNet haven't explained things very well and yes, we're not entirely sure of the method of the compromise. But what it looks like happened is part or all of database(s) on at least one of the webmail servers was harvested for addresses. This means that not only PlusNet addresses which were accessed via webmail, but also those on people;s webmail contact lists, previous recipients lists, and potentially even to:, from: cc: or bcc: fields in emails may have been acquired.

In other words if there was ever any link to the address you signed up with with PlusNet with the webmail platform it could have been harvested. Whether that was you or someone else (including PlusNet staff) emailing that address via webmail it doesn't matter.

I'm not saying the breach definitely wasn't deeper than just the webmail platform, but the above are things worth looking at. This spam is not the often seen type of randomly guessed addresses but spam specifically targeted at known valid email addresses harvested.