Spam Recipients May Be Entitled to Compensation
Written by Sue Walsh on February 8, 2013
Telecom email users in New Zealand could be in line for some compensation following a wave of spam that hit them from YahooXtra. Security experts say thousands of YahooXtra users had their accounts compromised and used to pump out large amounts of spam. It’s not clear exactly what caused the widespread hacking, but signs appear to point to a sophisticated phishing attack. That attack sent highly professional-looking notifications to thousands of YahooXtra users, and those who fell for it infected their systems with malware. A second attack used that malware to send out large amounts of spam. YahooXtra released a statement saying the integrity of their user data had not been affected and dismissed claims that the spam campaign was bolstered by a data breach at the company.
“Given the nature of these emails – sent indisputably to Xtra contact lists, in some cases to people who haven’t been in contact for a long time and others very recently – it’s highly likely that either the issue wasn’t patched successfully, a new attack vector has been found or more likely, contact lists have been harvested during the initial attack to enable this secondary attack on Xtra email holders. According to security sources, this original attack appears to have been due to a vulnerability in the Yahoo Developers Network, due to blog software that hadn’t been updated for at least nine months. The fact that there was an XSS vulnerability at Yahoo has been known since at least November,” said IITP head Paul Matthews in an interview with the Dominion Post.
It’s not clear exactly what kind of compensation the users are entitled to, or who would pay it. Do you think users subjected to spam attacks deserve compensation? If so, how much, and who should pay? Should a user have to prove they aren’t responsible for getting themselves spammed? Please leave a comment with your thoughts!