WHID 2007-75: PlusNet blames itself for webmail spamfest

Misconfiguration of a webmail system at a British hosting provider led to leakage of the entire user's database including all e-mails. The e-mail addresses where actively used for sending spam. Additionally the exploit was used to plant malware on some of the customers' web sites.

This incident is unique since PlusNet has published a very interesting and revealing report about the incident that shed a lot of light on real world state of life application security. A must read.

Additional information:

• PlusNet blames itself for webmail spamfest [News Story, May 24 2007]
• Web mail Incident Report [PlusNet, May 23 2008]