Hundreds of New Zealanders have had their email accounts hijacked by "savvy'' spammers.
It isn't known how the Yahoo Xtra email security was breached. But once it was, emails were sent to everyone on the users' contact lists asking them to click on a link.
Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue''.
Phishing is a tactic used by scammers pretending to be legitimate sources to get confidential information such as passwords, usernames or even credit card details.
Telecom spokeswoman Jo Jalfon said the problem arose on Saturday afternoon.
"Some customers reported experiencing bounced emails and noticed emails were being sent to their contact list
after opening suspicious emails.''
The company said they were told early yesterday that the issue had been resolved, but emails continued to be sent throughout the day and customers were being told to change their passwords to stop more issues.
"Despite the huge focus Yahoo! puts on email security, spammers are internationally becoming increasingly savvy,'' Ms Jalfon said.
"Telecom advises its customers to routinely change their password to further reduce the risk of their email account being compromised in any way.''
She said 150 customers had called to say they had opened the email but it was impossible to say how many were involved in total because some would have just deleted the suspicious email when they received it.
However, Yahoo Xtra customers say the spam issue plaguing their mailboxes is worse than the email service is admitting.
Yahoo Xtra customer Peter Fowler said he did not believe Telecom was being "honest'' about the cause.
He said Telecom's explanation that it was the customer clicking on the link that sent the spam made him look
"stupid``in the eyes of the 175 people on his contact list.
"I did not click on any link and in fact hadn't used the account for about a month.
"Talking to the help desk in the Philippines last night, I got the impression someone had hacked into Yahoo/ Telecom servers and were generating the spam from within the Telecom/Yahoo servers.
There is no other explanation for how the spammers managed to get access to all the contacts in my address book.''
Fowler said he had since closed his Yahoo account.
Another Xtra user, Alex Munroe, also expressed concern over the magnitude of the problem.
"I think `hundreds' is being a little conservative. I think the article should read 'hundreds of thousands' or possibly
'millions' considering Xtra is NZ's biggest internet service provider. Xtra was caught napping.
"This mass spam attack over the weekend has affected friends and family of mine worldwide.''