Emerging Technology

Yahoo! hacked in New Zealand through WordPress vulnerability

Andrew Sadauskas /

New Zealand-based online media portal Yahoo!Xtra, a joint-venture between Yahoo!7 and Telecom New Zealand, has revealed its email service has been hacked, with some victims now receiving spam emails from dead relatives.

The New Zealand Heard reports Telecom has confirmed the service has been the victim of two separate, but potentially related “malicious” attacks.

In one of the attacks, which began on Saturday morning, emails sent to everyone on the contact lists of compromised accounts asked them to click on a link directing them to an online advertisement.

The telco initially downplayed reports of a major attack, claiming that some of its users had lost access to their accounts through hackers “phishing” their passwords.

“I got spam from my dead brother’s account. He obviously hasn’t been clicking any links, and for Telecom to blame him for this is just insulting,” one user said.

Telecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an old and unpatched version of WordPress to host the service.

It subsequently emerged the company had suffered a “significant breach” of their email system, with up to 450,000 accounts potentially compromised as a result.

Advertisement
Andrew Sadauskas

Andrew Sadauskas is a former journalist at SmartCompany and a former editor of TechCompany.