dalliard.net

Incompetence


This evening, I received an e-mail from my friendly ISP, explaining why all of a sudden from Sunday my e-mail address (which previous received not spam whatsoever) had started to get full with spam. Naturally, I was not impressed.

From:
"PlusNet Customer Support"
To:
[removed]
Subject:
Important information about your email address
Date:
Wed, 16 May 2007 22:35:15 +0100

Username: [removed]

Dear [removed],

This email contains important information about a problem with our
Webmail service which may have lead to your email address being exposed to
a spammer.

If you are affected by this, you may have noticed an increase in the
amount of spam received since Sunday 13th May. This includes spam to
email addresses that were previously spam-free. This increase in spam is a
result of a security issue on our Webmail service. You can read about
this on the Service Status pages of the Usertools website:
http://usertools.plus.net/status/archive/1179240249.htm

I would like to make it clear that the Webmail platform is separate to
the systems we use for storing personal information such as credit card
numbers and none of this type of information has been exposed as a
result of this issue. However, purely as a precaution we would advise you
to change your account password by visiting the Member Centre then
clicking Account Details then Change Password.
Please note if you change your account password this will need to be
updated in your router or modem as well as your browser and email
software.

I am extremely sorry that a malicious third party has managed to gain a
list of email addresses from one of our Webmail servers. On behalf of
PlusNet I would like to sincerely apologise to you for this security
breach and the increase in offensive spam emails that may now be affecting
your email address. We understand how annoying and upsetting spam email
can be and we are treating this with the utmost seriousness. My team
and I will continue to work round the clock to reduce the inconvenience
caused to you by this problem as much as we can.

When we learned of the attack on our Webmail service, we identified the
source of the vulnerability and implemented a fix as quickly as
possible. However, following a full audit of our Webmail service we identified
a number of additional security vulnerabilities that it has not been
possible to patch. While these potential vulnerabilities have not been
exploited, we are not prepared to compromise on customer security so we
have removed our Webmail service.

We intend to replace our current Webmail system as quickly as we can,
and this is one of the next priorities for my team at this time. In the
meantime, if you use Webmail to check your PlusNet email from your own
PC, you might find it more convenient to use an email program which
runs on your PC instead. You can find information about setting up most
popular email programs at
http://www.plus.net/support/email/setup/email_setup_guide.shtml

If you have been receiving spam email to any of your mailboxes, then
you could also reduce this by taking some or all of the actions
recommended here:
http://www.plus.net/support/security/spam/spam_problem.shtml

This incident has highlighted the importance of keeping systems as
secure as possible. It is important to ensure that you always have the
latest operating system updates and patches installed. Windows users can
obtain these by visiting Windows Update, which is linked to from the
Tools menu of Internet Explorer. We always recommend the use of fully
up-to-date third-party anti-virus, firewall and Internet security
software, particularly for Microsoft Windows users.

Again, I would like to be clear that we fully recognise the impact this
will have on our customers and indeed the internet community in
general. All of us here are taking this week’s security breach extremely
seriously and we are doing everything possible to resolve all outstanding
issues. We will be publishing a full incident report and plan on what we
intend to do next to our website before the weekend. This will explain
exactly what has happened and how.

As you might imagine at this time, our Customer Support Team is
extremely busy. I would be most grateful if, during the next few days, you
could avoid contacting us unless you have an urgent issue that is not
answered by any of the FAQs or elsewhere on our website. You can also find
more details on our recorded information line 020 7517 8754 (please
note that our Customer Support team are not available on this number).

Kind Regards,

Phil Webb
Networks Director
PlusNet

...and for this reason, you will understand that I'm now looking for a new ISP. I can't believe their slack attitude. Anyone got any recommendations?
blog comments powered by Disqus