The problems with Webmail for Plusnet do not seem to be going away quickly. A week after a relatively short amount of downtime on the 9th May, Plusnet has taken the decision to remove Webmail from service until further notice. The full set of service status messages can be read on the Plusnet Service Status pages.
For Plusnet customers who are abroad, things are compounded by a move to make the Plusnet web portal only available to IP addresses that are registered as UK based. Additionally, for those concerned about the security of their Mailbox passwords, it seems a problem regarding password changes surfaced on Tuesday evening but now seems to be resolved.
The original attack involved one of a cluster of six @Mail servers during which time the server software was changed to redirect people to a page that may have resulted in some people downloading a trojan onto their PC. So long as your copy of Windows was up to date with its Windows Updates, this should not have affected you. Even if you are not a Plusnet customer, but someone you know is or has been then it is possible the spammer may have obtained your email address if it was in a customers' online address book.
It is not clear whether the exploit affects all @Mail servers that exist around the world, since Plusnet has made custom alterations to the software. As to be expected when things like this happen, The Register has taken an interest and has received an interesting comment from Plusnet.
Armstrong pointed to a legacy of underinvestment at the firm, which it copped to earlier this year on its BT-backed relaunch. He said: "That has changed now and it's worth knowing that this is a new vulnerability in a piece of third party software."