Customers of PlusNet, the ISP, have been hit by a deluge of spam after their email addresses were stolen.
"It has come to our attention that a number of customer email addresses have been obtained illegally by a third party," PlusNet said on Tuesday. Some users have fallen victim to "increased levels of spam" as a result of the theft, the ISP added.
The theft first became apparent on Sunday, when PlusNet highlighted the problem on its website. Subsequent forum conversations on www.thinkbroadband.com have suggested that the stolen user data could be as much as two years old, because users have reported spam being sent to accounts that have theoretically been unused since the middle of 2005.
Sentry Posts Blog
Guarding the network
What you need to know — and what you and your peers have to tell us — about security management in our new community group blog
The ISP maintains that it takes data security "very seriously" and it says it is confident the issue has been resolved. "We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their internet connections and computers are safe. We regret that this has happened but are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur."
PlusNet said that it is carrying out a "detailed investigation" into the theft and that it will produce a "full incident report" on Friday.
In 2006 the ISP suffered a string of mishaps, the most notable of which was the accidental deletion of thousands of customer emails by an engineer. PlusNet is now owned by BT.
Talkback
We have just finished analysing 2 years of spam data and it may be no surprise to some that PlusNet ranked 7th in our chart of the most spam-targeted UK ISP’s...
http://www.clearmymail.com/press/most_spam_targetted_isps.aspx
Looking at our statistics for yesterday we have seen an alarming increase in spam for PlusNet customers - shooting up a massive 62% against the same period last week
The worrying thing about this is that it appears that some of the targeted email accounts have not been used for several months. This could be a sign that the email addresses have either been stolen by hacking into the PlusNet systems or even sold to the spammers by an insider.
Spam gangs are now targeting UK ISP's much more effectively using new techniques that are easily able to by-pass standard spam filters. The cost of these attacks to the ISP can be enormous - they clog up mail servers, slow down customers Internet access and can cause physical damage to customers computers if they contain Viruses or Trojans.
Dan Field
Managing Director
ClearMyMail Limited
dan.field@ClearMyMail.com