This attack involved overseas cyber criminals targeting web addresses in Eastern Europe and bouncing traffic off Spark customers, the New Zealand company said.
This led to "high traffic loads" hitting Spark's servers which according to the company meant its own customers had slow or no connection.
While customers trying to access the leaked photos of the Hollywood star was initially blamed , yesterday Spark posited a different theory.
"While we're not ruling out malware as a factor, we have also identified that cyber criminals have been accessing vulnerable customers modems on our network...most of these modems were not supplied by Spark and tend to be older or lower end modems," the company said.
Computer forensic investigator and security expert Daniel Ayers said this explanation makes more sense.
"I didn't believe the malware issue at the start because if international cyber criminals issue malware... that would have been seen around the world and involved other ISPs [internet provides] in New Zealand not just Spark," he said.
Ayers also though Spark was also "a bit slow off the mark" working out what the problem was.
"Maybe's what happened is they went down the wrong track to start with and that's why they were thinking 'oh it's malware, our customers are affected with malware, it's got to do with all these photos'. If that was there opening assumption that's probably sent them off in the wrong direction for a while," he said.
While Spark was likely targeted because it is the biggest internet company in the country, Ayers suspected that other ISPs' network wouldn't have allowed this sort of attack to happen.
