close
MENU
How to guide
How to guide
Home
The NBR List
NBR View
NBR Marketplace

Categories

General Business Investment Economics Te Ao Māori Politics Infrastructure Australia Tech & Innovation Finance Law Professional Services Primary Industries Retail Property Deals Aviation News Comings & Goings

Analysis

All Economy Matters Edwards on Politics Hunter’s Corner Last Word Margin Call On the Money Shoeshine Underarm NBR Focus

Featured

Podcasts Audio Articles Entrepreneurs Your Business Beehive Banter Morning Brew Toil & Trouble NZ Aviation News Back Issues Market Outlook Dollars & Sense Private Bin Opinion (Archive) NBR Radar (Archive) NBR Rich List (Archive)
1 mins to read
12

Spark says 130,000 Xtra mail address at risk after Yahoo hack

Number finally established. Privacy Commissioner says episode shows need for mandatory data breach notification — which is coming in early 2017.

Mon, 26 Sep 2016

Spark has finally established how many of its customers were affected by a 2014 hack of Yahoo's servers — or at least how many Xtra Mail addresses: 130,000.

In total Yahoo hosts around 825,000 Xtra Mail accounts on behalf of Spark.

After nine trouble-prone years, Spark is finally moving away from Yahoo. From January, Xtra Mail customers will be transferred to New Zealand company SMX, part-owned by Sam Morgan.

The latest statement from Spark says:

We take this matter very seriously and will be progressively communicating directly with these customers who may have been impacted, from today, and over the course of the next 48 hours. The number of email addresses potentially at risk is 130,000, which is around 15% of the total Xtra email address base.

Spark will be asking these customers to immediately change their passwords (if they haven’t already.)

Yahoo has told Spark it has no evidence that the stolen information has been used to gain unauthorised access to Spark accounts.  

That last sentence has to be taken with a grain of salt. The hackers aren't about to telegraph any future attack to the hapless Yahoo.

Privacy Commissioner John Edwards praises Spark for taking quick action, given people often share passwords and security questions between services, and email is often used as a central repository of personal information.

However, he adds there are indications that Yahoo may have sat on the information for months and that "shows why we need mandatory breach notification."

An update to the Privacy Act, that will include mandatory breach notification to customers, is due to be tabled in Parliament early 2017.

Hopefully. Keen NBR readers will be aware that the Privacy Act update has been in the offing since 2012.

© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.
Related News
7

Spark says customer data stolen in giant Yahoo hack
38

Spark finally ditches Yahoo, moves Xtra mail to New Zealand company SMX
Related News
7

Spark says customer data stolen in giant Yahoo hack
38

Spark finally ditches Yahoo, moves Xtra mail to New Zealand company SMX
Spark says 130,000 Xtra mail address at risk after Yahoo hack
61919
false
Subscribe Login