You are not permitted to download, save or email this image. Visit image gallery to purchase the image.
Spark is in the process of contacting Xtra customers whose account security may have been compromised in Yahoo's massive data breach.
Yahoo confirmed the 2014 breach in an announcement this morning, saying computer hackers swiped personal information from at least 500 million accounts in what is believed to be the biggest digital break-in at an email provider.
The company also confirmed information from some of Spark's Xtra customers was included in the stolen data.
Spark was working closely with Yahoo to identify any customers who may be affected spokeswoman Michelle Baguley said.
Yahoo had no evidence that the stolen bcrypt-protected passwords or security questions and answers were used to gain unauthorised access to Spark accounts.
The stolen account information may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Yahoo's investigation suggests that information did not include unprotected passwords.
"Spark will be communicating directly with customers who we believe may have been impacted as soon as we have more information," Baguley said.
"We would like to remind all customers to change their password and security questions for their Xtra account and any other account on which you used the same or similar information."
Spark advised all Xtra users to regularly update their account settings with a strong, difficult-to-predict password.
Baguley advised all Xtra customers who had not changed their password or security questions since 2014, or are unsure if they have, to do so on the Spark website using this link: www.spark.co.nz/changepassword.
The company was currently in the process of preparing to move all of their email systems back home to New Zealand.
Yahoo didn't explain the delay in uncovering a heist that it blamed on a "state-sponsored actor", parlance for a hacker working on behalf of a foreign government.
The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack for security reasons, but said it is working with the FBI and other law enforcement.
Yahoo began investigating a possible breach in July, around the time the tech site Motherboard reported that a hacker who uses the name "Peace" was trying to sell account information belonging to 200 million Yahoo users.
Yahoo didn't find evidence of that reported hack, but additional digging later uncovered a far larger, allegedly state-sponsored attack.