Spark customers upset at lack of information
Spark customers are upset at a lack of information from the telco about the discovery of a security breach.
It was revealed on Friday that Spark customers’ data was stolen in a massive hack on its email partner, Yahoo.
Yahoo said as many as 500 million accounts were potentially compromised in November 2014.
Auckland man Craig Vickery said he had been trying to find out from Spark what that meant for his account – but there was a three-hour wait to get through to speak to someone.
He believed his email accounts were being freshly hacked this weekend.
Spark spokeswoman Michelle Baguley said the company was still working through the data from Yahoo and would be in touch with customers once it had aligned that with its systems.
‘‘Yahoo told us that to the best of their knowledge the data from Spark has not been used maliciously.’’
She advised Xtra email users to change their password and security questions for their email account and any online services for which they may have used the same credentials.
Customers complained on Facebook page.
There was also confusion because Spark is asking its customers for per- Spark’s mission to move their email accounts from Yahoo to a new provider.
Mark Skilton, a Professor of Practice at Warwick Business School and an expert on cyber security, said the fact the security breach was revealed two years later was ‘‘shocking’’.
‘‘This is far too late for professional cyber security risk management and certainly from the organisational practices inside a company like Yahoo that one would expect,’’ he said.
‘‘The other factor is the legal impact for Yahoo from the reputational impact and liability in losses for customers. This could yet be significant and a headache for Verizon in its planned imminent takeover of Yahoo.
‘‘The lateness of the attack discovery, a whole two years, and the indication that it was a government state-sponsored attack suggests both a highly professional stealth attack or perhaps some failure in basic perimeter monitoring by Yahoo!’s internal security practice.
‘‘Either way, serious questions on internal checking of data breaches must be addressed.
‘‘There will be a significant internal review in Yahoo! and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger perhaps government and industry role needed to increase cyber protection in the light of the rise in more stealth attacks.’’