Spark is investigating if Xtra users are affected by another Yahoo hack.
Yahoo says it believes "state-sponsered" hackers stole data from more than one billion user accounts in what is thought to be the largest data breach at an email provider.
A spokeswoman for Spark said the company is working closely with Yahoo to understand if any New Zealand customers are impacted.
"The historic data stolen is believed to be username and password combinations, so customers who have changed their password since August 2013 are not likely to be vulnerable. Secret questions and answers for New Zealand customers are not stored by Yahoo," she said.
Spark ditched Yahoo this year and is in the process of migrating Xtra Mail services back to New Zealand earlier this year after issues with security, phising and spam.
The Sunnyvale, California, company was also home to what's now most likely the second largest hack in history, one that exposed 500 million Yahoo accounts. Spark said 130,000 customer email addresses may have been compromised in the data breach. The company disclosed that breach in September. Yahoo said it hasn't identified the intrusion associated with this theft.
Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
But the company said hackers may have also stolen passwords from the affected accounts. Technically, those passwords should be secure; Yahoo said they were scrambled twice - once by encryption and once by another technique called hashing. But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.
That could mean trouble for any users who reused their Yahoo password for other online accounts.
- With AP