Yahoo! hacked in New Zealand through WordPress vulnerability

New Zealand-based online media portal Yahoo!Xtra, a joint-venture between Yahoo!7 and Telecom New Zealand, has revealed its email service has been hacked, with some victims now receiving spam emails from dead relatives.

The New Zealand Heard reports Telecom has confirmed the service has been the victim of two separate, but potentially related “malicious” attacks.

In one of the attacks, which began on Saturday morning, emails sent to everyone on the contact lists of compromised accounts asked them to click on a link directing them to an online advertisement.

The telco initially downplayed reports of a major attack, claiming that some of its users had lost access to their accounts through hackers “phishing” their passwords.

“I got spam from my dead brother’s account. He obviously hasn’t been clicking any links, and for Telecom to blame him for this is just insulting,” one user said.

Telecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an old and unpatched version of WordPress to host the service.

It subsequently emerged the company had suffered a “significant breach” of their email system, with up to 450,000 accounts potentially compromised as a result.


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: or call the hotline: +61 (03) 8623 9900.