The second attack has compromised the security of some customers, making it possible for emails to be sent from their accounts without their knowledge, Telecom said.
While it was difficult to know how many accounts had been affected, Telecom believed it was a "small percentage" of the total customer base.
It did not offer any additional advice to earlier warnings for victims to change their passwords.
Telecom's CEO retail Chris Quin said while Yahoo's security was sophisticated, no system was 100 per cent bullet proof.
"... As we have seen from this incident, cyber-attacks by global criminals are becoming increasingly sophisticated.
"We are currently working with Yahoo! to investigate further," Mr Quin said.
"We would like to apologise to all our customers for any distress or inconvenience caused and assure them that we are doing all we can, in conjunction with Yahoo!, to resolve this incident."
Despite claims that a small percentage had been affected, YahooXtra customers have been saying that the spam issue plaguing their mailboxes is worse than the email service is admitting and it's still happening, despite assurances it had been fixed.
The company said it was told early Sunday that the issue had been resolved, but customers told the NZ Herald the problem was far from over.
Carl Black disputed Telecom's claims that customers must have clicked a link.
"I got spam from my dead brother's account.
"He obviously hasn't been clicking any links, and for Telecom to blame him for this is just insulting," he said. APN , APNZ
