Xtra email compromised?

Written By: - Date published: 12:16 pm, February 10th, 2013 - 17 comments
Categories: internet - Tags: ,

In the last 12 hours I’ve had robo-spam email from 4 different friends, all with xtra email accounts.

Is anyone else seeing this? Could be a major compromise of xtra email.

If you have an xtra account, check your “out” folder. If there are messages there (typically to about 8 recipients) that you didn’t send, then you are probably affected.

17 comments on “Xtra email compromised? ”

  1. JK 1

    Yep – I received one – no subject – from Moira Coatesworth which turned out to be spam

  2. James Thrace 2

    Yep, I’ve had 2 from the same person. Both spam. Both emails included all recipients in the “to” field that this person has emailed… ever.

  3. Roflcopter 3

    It’s been happening with increasing frequency over the last week or so.

  4. Ed 4

    I’ve had two in the last 12 hours – is it worth advising people to contact Xtra?

  5. Zola 5

    I got the following sent to me.-

    Dear Xtra Subscriber, We are currently verifying our subscribers
    Profile in order to increase the Efficiency of our mail
    features.
    Due to the congestion in all Profile users and removal of all unused
    Account, Xtra Will be shutting down all unused Profile,
    To Join in the Recent Upgrade Taking Place at Xtra ,You must
    Reply to this email by Confirming your account details below,
    UserName:
    Password:
    Failure to do this will immediately render
    your email address deactivated from our database.
    Thanks for using Xtra MAIL
    We are sorry for any inconvenience.
    Regards,
    Xtra Customer Care Team.

    • DH 5.1

      Standard phishing email there Zola, that’s not from Xtra. Anyone who followed those instructions needs to change their password.

      [lprent: Good advice. Apart from using the word “Standard”. Just to be clear, we don’t send e-mails asking anyone to do anything apart from when they initially register. And that has been off since the server move in Jan because I forgot to turn the darn thing back on. I needed to get rid of the IP of the originating server, and never got time to do it. Back on in the next few days. ]

      • Janice 5.1.1

        I was going to warn the same DH. I am with xtra and have not received anything like that yet.

  6. Fortran 6

    Yes I got a real Xtra em stuff up yesterday afternoon, bouncing em’s to people in my address book to whom I have sent nothing.
    Had huge auto MS security update (23 updates) this morning.
    Probably related.
    Updated all my security programmes this morning.

  7. Nigel 7

    Yes, I have had about 8 of these emails and other family members have them too. – all xtra/yahoo accounts. started at just before 7am today. The link in each email points to a different URL each time, which is unusual.

  8. PM-Geek 8

    It was actually a Yahoo vulnerability that has been doing the rounds for a few weeks, but seems to have jumped over to Xtra (who outsource their email to Yahoo).

    For geeks: It was an XSS vulnerability in a 9 month old unpatched instance of WordPress on Yahoo’s site. Details here:
    http://threatpost.com/en_us/blogs/yahoo-mail-breach-linked-old-wordpress-vulnerability-013113

    For non-geeks: This was a vulnerability at Yahoo’s end and particularly slack. Just another reason you really shouldn’t use Yahoo or Xtra email accounts.

    Probably the same issue that was discovered and being sold last year (eg see here):
    http://threatpost.com/en_us/blogs/yahoo-mail-cross-site-scripting-attack-sale-112612

    Apparently it’s fixed now, although it’s quite likely that whoever did it kept copies of all your contacts and will keep spamming them in your name.

    • r0b 8.1

      Thanks for that…

    • David H 8.2

      Damn you mean people still use Yahoo??? But it’s not only that, it’s the whole Miccysoft (Windows (they own a chunk of Yahoo)) bundled software ie: Outlook express, or what ever they call it now.
      I use Thunderbird for a mail client, and I have a Gmail account, and I have NO problems. There again I keep well away from anything to do with Telecom. Yes I do use Windows 7 but anti virus, and previously mentioned mail programs, are NON Miccysoft.

  9. irascible 9

    Have had spam url link from at least 5 people this weekend from within NZ. Earlier had same link spammed from email accounts in ME / Asia all thRough Yahoo.

  10. karol 10

    I had one today. Alerted the person who said they’d just noticed that loads of emails had been sent from hir account.

  11. John Dalley 11

    Iv’e had several with xtra address as well as a couple with yahoo email accounts

  12. Nigel 12

    Hi all, I’m still getting the emails. All from accounts @xtra.co.nz via yahoo.com – another six so far today. I must be in a lot of address books.

  13. Nigel 13

    I meant to mention that the spamming was briefly reported on the 6 O’Clock One News yesterday (Sunday).