Plusnet E-mail
Here's the e-mail I got. I recently changed my e-mail address due to spam reasons. All of a sudden from Sunday, I got my first spam e-mails. Here's the Plus e-mail statement on the whole cock-up...
It's piss poor. I'm off to find me a new ISP.
-----
Username: <removed>
Dear <name>,
This email contains important information about a problem with our Webmail service which may have lead to your email address being exposed to a spammer.
If you are affected by this, you may have noticed an increase in the amount of spam received since Sunday 13th May. This includes spam to email addresses that were previously spam-free. This increase in spam is a result of a security issue on our Webmail service. You can read about this on the Service Status pages of the Usertools website:
http://usertools.plus.net/status/archive/1179240249.htm
I would like to make it clear that the Webmail platform is separate to the systems we use for storing personal information such as credit card numbers and none of this type of information has been exposed as a result of this issue. However, purely as a precaution we would advise you to change your account password by visiting the Member Centre then clicking Account Details then Change Password.
Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.
I am extremely sorry that a malicious third party has managed to gain a list of email addresses from one of our Webmail servers. On behalf of PlusNet I would like to sincerely apologise to you for this security breach and the increase in offensive spam emails that may now be affecting your email address. We understand how annoying and upsetting spam email can be and we are treating this with the utmost seriousness. My team and I will continue to work round the clock to reduce the inconvenience caused to you by this problem as much as we can.
When we learned of the attack on our Webmail service, we identified the source of the vulnerability and implemented a fix as quickly as possible. However, following a full audit of our Webmail service we identified a number of additional security vulnerabilities that it has not been possible to patch. While these potential vulnerabilities have not been exploited, we are not prepared to compromise on customer security so we have removed our Webmail service.
We intend to replace our current Webmail system as quickly as we can, and this is one of the next priorities for my team at this time. In the meantime, if you use Webmail to check your PlusNet email from your own PC, you might find it more convenient to use an email program which runs on your PC instead. You can find information about setting up most popular email programs at
http://www.plus.net/support/email/setup/email_setup_guide.shtml
If you have been receiving spam email to any of your mailboxes, then you could also reduce this by taking some or all of the actions recommended here: http://www.plus.net/support/security/spam/spam_problem.shtml
This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.
Again, I would like to be clear that we fully recognise the impact this will have on our customers and indeed the internet community in general. All of us here are taking this week’s security breach extremely seriously and we are doing everything possible to resolve all outstanding issues. We will be publishing a full incident report and plan on what we intend to do next to our website before the weekend. This will explain exactly what has happened and how.
As you might imagine at this time, our Customer Support Team is extremely busy. I would be most grateful if, during the next few days, you could avoid contacting us unless you have an urgent issue that is not answered by any of the FAQs or elsewhere on our website. You can also find more details on our recorded information line 020 7517 8754 (please note that our Customer Support team are not available on this number).
Kind Regards,
Phil Webb
Networks Director
PlusNet
This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.
PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
Registered in England no: 3279013