Webmail contact lists at risk from brute force password hacking
PC Pro has reported that Virgin Media customers are reporting spam being sent to all the email addresses in their contact lists on their webmail accounts. Similar issues are being reported by Yahoo and GMail users.
The most likely explaination is that hackers are running dictionary based attacks on various webmail systems, which is a very good way to get around things like SMTP (TCP port 25) restrictions.
While there is a great deal of pressure to re-use passwords as we all have so many of them, alerts like this highlight the importance of keeping passwords unique, and ensuring they are not easy to guess. Attempting to avoid dictionary attacks with subsitution of i for 1 or 0 for o are not going slow down automated attacks at all, as the coder can easily include these substitutions.
If your webmail has been hacked, before altering the password do ensure that your computer is free of viruses and malware. It would also be worth warning contacts by word of mouth or text message to be wary of emails particularly those that include attachments.