The attackers took control of the firm’s mail server and stole a list of email addresses. The hackers then used these details to send spam.
The ISP confirmed that some users may also have been exposed to a Trojan horse. But, the firm said that no financial information, such as credit and debit card details, had been snatched.
According to PlusNet, a third party was responsible for the attack, which was discovered by the company on 9 May. After the breach an undisclosed number of customers began to receive vast amounts of spam, including offers for discounted pharmaceuticals.
“After a full security audit, PlusNet’s webmail service was taken offline permanently at midday Wednesday, 16 May, as a precaution against a number of minor potential security vulnerabilities that had not been exploited,” Neil Armstrong, products director at the ISP, said in a statement.
A replacement email service has now been set up for customers to access their accounts.
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
