The surprising part is the accounts were initially compromised almost two years ago, probably by a trojan which stole the username and passwords from individual computers.
Despite a media kerfuffle at the time it appears a number of users failed to change their password. "Most of those on the list published last week are old. Some are still valid," Telstra broadband chief Justin Milne reportedly told broadband community site Whirlpool.
For some BigPond users it is too late to protect themselves. One Whirlpool reader reported that someone had phoned BigPond Tech Support and changed his password, locking him out of his account.
Telstra BigPond spokesperson Kerrina Lawrence told ZDNet Australia that passwords are generally changed online, and the help desk is only contacted if someone forgets their password. In that event a series of questions of personal details are asked to confirm the identity of the caller. It is considered good security practice to change passwords every 30 days or so.
Lawrence said that it was up to the individual to secure their computer and home environment.
