Plus Net Compromised.

[steve.milner]

I received the following email from plus net (www.plus.net) support today:


Username: xxxxx

Dear xxxx,

This email contains important information about a problem with our Webmail service which may have lead to your email address being exposed to a spammer.

If you are affected by this, you may have noticed an increase in the amount of spam received since Sunday 13th May. This includes spam to email addresses that were previously spam-free. This increase in spam is a result of a security issue on our Webmail service. You can read about this on the Service Status pages of the Usertools website: http://usertools.plus.net/status/archive/1179240249.htm

I would like to make it clear that the Webmail platform is separate to the systems we use for storing personal information such as credit card numbers and none of this type of information has been exposed as a result of this issue. However, purely as a precaution we would advise you to change your account password by visiting the Member Centre then clicking Account Details then Change Password.
Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

I am extremely sorry that a malicious third party has managed to gain a list of email addresses from one of our Webmail servers. On behalf of PlusNet I would like to sincerely apologise to you for this security breach and the increase in offensive spam emails that may now be affecting your email address. We understand how annoying and upsetting spam email can be and we are treating this with the utmost seriousness. My team and I will continue to work round the clock to reduce the inconvenience caused to you by this problem as much as we can.

When we learned of the attack on our Webmail service, we identified the source of the vulnerability and implemented a fix as quickly as possible. However, following a full audit of our Webmail service we identified a number of additional security vulnerabilities that it has not been possible to patch. While these potential vulnerabilities have not been exploited, we are not prepared to compromise on customer security so we have removed our Webmail service.

We intend to replace our current Webmail system as quickly as we can, and this is one of the next priorities for my team at this time. In the meantime, if you use Webmail to check your PlusNet email from your own PC, you might find it more convenient to use an email program which runs on your PC instead. You can find information about setting up most popular email programs at http://www.plus.net/support/email/se...up_guide.shtml

If you have been receiving spam email to any of your mailboxes, then you could also reduce this by taking some or all of the actions recommended here: http://www.plus.net/support/security..._problem.shtml

This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

Again, I would like to be clear that we fully recognise the impact this will have on our customers and indeed the internet community in general. All of us here are taking this week’s security breach extremely seriously and we are doing everything possible to resolve all outstanding issues. We will be publishing a full incident report and plan on what we intend to do next to our website before the weekend. This will explain exactly what has happened and how.

As you might imagine at this time, our Customer Support Team is extremely busy. I would be most grateful if, during the next few days, you could avoid contacting us unless you have an urgent issue that is not answered by any of the FAQs or elsewhere on our website. You can also find more details on our recorded information line 020 7517 8754 (please note that our Customer Support team are not available on this number).

Kind Regards,

Phil Webb
Networks Director
PlusNet

This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.

PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
Registered in England no: 3279013

The article reffered to on the staus page:

Service Status RSS Feeds
Reports of Spam Email (42837) - UPDATE
Email
Posted on: Tuesday 15 May 2007, 15:44
This is an update to the previously reported issue regarding the increased volume of unsolicited email being sent to some customers' mailboxes. A copy of the last update can be seen here:-
http://usertools.plus.net/status/archive/1179167580.htm

We are currently dealing with a serious security incident that has resulted in a third party illegally accessing our Webmail database. The third party has acquired a list of email addresses for the purpose of distributing unsolicited email (spam).

We take the security of our customers' information very seriously and would like to reassure customers that the incident is being handled with the utmost importance and that at this stage in the investigation we believe no other personal information, including credit card details, has been disclosed.

We would like to assure customers that our incident team are working around the clock with the relevant authorities in order to resolve the situation. We have conducted a full platform audit and our network and software engineers are currently taking a number of actions to minimise any further risks to customers.

We became aware of an attack on Wednesday 9th May 2007 and immediately took our Webmail service offline to secure the platform. We promptly identified the source of the vulnerability and implemented a fix to prevent further attacks. We will provide full details on the vulnerability and actions taken in the incident report which we aim to publish on Friday 18th May 2007. At present we are working with our vendors and legal authorities so cannot expand further on this.

As a result of the attack a small number of customers may have downloaded a Trojan virus. This will only have affected un-patched Windows PCs with no anti-virus software installed. We are contacting affected customers by phone and email. If you have not received an email from PlusNet customer support today regarding this, your PC is not affected. However we always recommend customers have fully up-to-date Windows software and anti-virus software.

On Sunday 13th May 2007 we received reports that customers were receiving spam emails to addresses that had not previously received spam. Following investigation of these reports it became apparent that a third party had illegally acquired a list of email addresses. This list was obtained from our Webmail platform and includes accounts that customers have used to login to Webmail, as well as some email addresses contained in customers' online address books, and addresses customers have sent to using our Webmail service. It is possible that your email address may have existed in the Webmail database even if you had not used the Webmail service yourself.

This list is now being used to distribute spam email which continues to be sent to customers, and it is likely that this will continue.

One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed. Purely as a precaution we advise customers to change their account password by visiting our website https://portal.plus.net/my.html?acti...e_password&s=0 Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

We would like to sincerely apologise for the inconvenience to our customers and thank you for your patience whilst we continue to investigate and resolve this incident.

Further details will follow as they become available and a full incident report will be published on Friday 18th May 2007. In the meantime we would like to ask that you avoid contacting our Customer Support Centre regarding this issue as no further information is available at this time, we will provide all information that we have via Service Status and emails to customers.

Kind Regards,

Phil Webb
Networks Director
PlusNet

I have raised the following complaint with them:


I can not find an adequate place to make this complaint so I am making it here.

Since your security failure I am receiving 20+ spam messages per day to my spam free email address.

You are responsible for this.

In order for me to rectify the situation to prevent the arrival of unsolicited email I was not previously receiving I will incur costs:

1) Purchase and registration of a new domain. My current main domain is xxx.yyy
2) Modification of DNS records (30 minutes)
3) Modification of my mail server for the new domain (2 hours)
4) Modification of my other domains to forward email to my new domain (30 minutes)
5) Emailing my contacts to inform them of my change of email address (3 hours)
6) Emailing the contacts of other users of the xxx.yyy domain to inform them of change of email address (3 hours)

I will also experience loss:

I will need to abandon the domain xxx.yyy which I have held for over 4 years and is significant to me since it is related to my home property name.

I would like you to make me a reasonable financial offer to cover my costs and compensate me for my loss following your failure to adequately secure my personal details

I expect to receive this offer within 10 working days of this complaint (no later than Monday 4th June 2007) which is a reasonable time to process this complaint.

Failure to do so may result in me taking legal advice, the cost of which I will consider to be a cost incurred as result of your failure to secure my personal details and my requirement to obtain reasonable recompense for this failure.

Regards,
XXX

Thoughts anyone?

[Computernerd22]

I have raised the following complaint with them:


I can not find an adequate place to make this complaint so I am making it here.

Since your security failure I am receiving 20+ spam messages per day to my spam free email address.

You are responsible for this.

In order for me to rectify the situation to prevent the arrival of unsolicited email I was not previously receiving I will incur costs:

1) Purchase and registration of a new domain. My current main domain is xxx.yyy
2) Modification of DNS records (30 minutes)
3) Modification of my mail server for the new domain (2 hours)
4) Modification of my other domains to forward email to my new domain (30 minutes)
5) Emailing my contacts to inform them of my change of email address (3 hours)
6) Emailing the contacts of other users of the xxx.yyy domain to inform them of change of email address (3 hours)

I will also experience loss:

I will need to abandon the domain xxx.yyy which I have held for over 4 years and is significant to me since it is related to my home property name.

I would like you to make me a reasonable financial offer to cover my costs and compensate me for my loss following your failure to adequately secure my personal details

I expect to receive this offer within 10 working days of this complaint (no later than Monday 4th June 2007) which is a reasonable time to process this complaint.

Failure to do so may result in me taking legal advice, the cost of which I will consider to be a cost incurred as result of your failure to secure my personal details and my requirement to obtain reasonable recompense for this failure.

Regards,
XXX

Thoughts anyone?

Nicely written & worded. You can tell your serious about this. I wonder whats going to happen?

[Moira]

I received this email. To be honest, I didnt even know I had a plusnet email address - I briefly considered moving to Plusnet some years ago, but abandoned the idea. I certainly don't to my knowledge get mail to an account with them. If so, then it doesn't download to my inbox and I know nothing about any extra spam!

[Linen0ise]

Better check your service agreement contract.

[Moira]

Who, me?

[nihil]

Hi Moira,

That seems very interesting to me. You were considering a move but never made it.........and that was some years ago?

OK, you are still on their database, but don't you see that they are not targeting existing and active customers............... this is a shotgun fired at their entire database. Those guys are running scared, so I wonder what they have not told us?

I seem to recall a certain building society getting fined £980,000 for a security breach............................

[Moira]

Yeah like you say, they aren't targetting existing and active customers - as far as I know, I never had a plusnet email address. Very interesting ..... I was fairly surprised to receive that email.

[steve.milner]

I've had reply basically saying my request is above the person's pay grade and it has been escalated

I was expecting an outright rejection.

Perhaps a 'class action' is worthwhile

Steve

[steve.milner]

I certainly don't to my knowledge get mail to an account with them. If so, then it doesn't download to my inbox and I know nothing about any extra spam!

I've neer used their webmail service, and don't use them for mail at all. I have my own server.

However when I signed up with them years ago I gave them (foolishly it now seems) my 'real' email address as a contact and It's that address, that was previously spam free which is getting the spam.

I agree with Ni, there's more to this than meets the eye!

Can anyone recommend a good UK ISP that offers a sensible priced (£20 or less) fixed IP ADSL service?

Yeah OK I'm filtering it out etc. but that's not the point. It's eating my bandwidth and since I'm on the end of a very long piece of wet string I only get 512K anyway so it's quite precious me.

I'm already got a new domain and I'm in the process of getting it sorted out.

DNS is done, and mail forwards are set up for my old domain.

I need a few new certificates and then I've my machine at home to change the hostname on and then everyone I know needs to be informed...

<sigh>

Steve

[Moira]

Has anyone now had a second email? I won't quote it in full because it's quite lengthy, but it starts:

From Thursday 24th May we will be making our Spam Protection service available to all customers, so even those who haven't been able to take advantage of the service up until now will be able to benefit from reduced levels of unsolicited and nuisance email.

Entitled Email Security Improvements it still seems to imply I have an account with them!