I am not familiar with your UK provider (Plusnet) or how they specifically operate over there. Neither their website nor Wikipedia provides sufficient information. However, Wikipedia did include this note:
Webmail security breach
At the beginning of May 2007 Plusnet suffered an attack on its web-based email system which was due to a previously unidentified vulnerability in the third-party software that was being used. Users accessing the webmail system may have been exposed to a trojan, although no reports of this surfaced. This trojan will have been ineffective on a fully patched Windows machine running regularly updated anti-virus software, or on non-Windows machines. A list of email addresses was harvested from the webmail platform and put into use by one or more third parties to send spam. These addresses included the user's own webmail address, as well as email addresses used previously and entries in the online address book. Users who connected to the specific webmail server that was attacked may have had their login details skimmed, although the purpose of the attack seems to have been simply to harvest email addresses.
This Web mail Incident Report is where Plusnet explained to their customers what happened and what they did to resolve the problem and prevent something similar in the future. IMO those steps were not very thorough, but then again they are not providing specifics in public, most likely to prevent the criminals from reading that same information. It has been several years since that incident and it's always possible they could have been compromised again, which in turn would compromise their customers. It's also possible another servicing ISP they work with could have been compromised.
Generally an ISP provides Internet services through a data center which houses all of the company's servers and networking equipment. They usually purchase telecommunication lines from local telecommunications utilities in order to transmit traffic to larger Tier-1 or Tier-2 ISPs and become part of their network. In a nutshell, all this is a network of networks. There is no way for me to know what companies are all involved, where they are located, what security measures each has in place, etc. Thus, I don't have enough information to draw any conclusions that Plusnet is at fault. A thorough investigation by a federal agency via local law enforcement would have more resources to gather the necessary information to answer your question.
It's also possible that only your computer was hacked. Romania and Indonesia are notorious places for attackers to work in search of vulnerable computers. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports (commonly probed ports) and make repeated attempts to access them. Once a computer is compromised, an attacker could access all of your personal information, including logins, passwords, etc.