BT dumps Yahoo Mail after account hijack claims

BT dumps Yahoo Mail after account hijack claims

Summary: BT will move six million co-branded email accounts to its own system in the coming months.


Following a surge in complaints about email account hijacking incidents, BT has decided to drop Yahoo as its email partner for its broadband subscribers.

The telco announced on Thursday it would begin moving customers over its own BT Mail platform later this year.

All BT broadband customers are automatically given a Yahoo Mail account, which means it will move six million accounts to the new email system. Customers will be able to keep their existing inbox and folders but will be prompted to change their password, according to BT.

Also, after 17 June, BT will begin to deleting any BT Yahoo email accounts that have not been accessed within 150 days of that date.

Since February, a number of BT customers began reporting a wave of BT Yahoo email account hijacking incidents. The reports occurred around the same time as a rise in hijacks affecting customers of Telecom in New Zealand, which also relies on Yahoo for customer email.

In February, Telecom NZ cancelled the passwords on 75,000 of the 450,000 Yahoo Xtra email accounts as a result of the attacks. It announced in April that it would retain the Yahoo service, however.

BT will now partner with messaging and security vendor Critical Path for its own BT Mail system, which will feature in-built antivirus and antispam.

The company is also shutting down its BT Yahoo portal and moving to its recently launched portal.

The Yahoo Mail account hijacks occurred after a cross-site scripting (XSS) flaw affecting Yahoo Mail was discovered in January but was claimed to have been fixed that month by Yahoo. An exploit for an XSS flaw was also selling online for $700 in December last year. 

Topics: Security, Telcos, United Kingdom

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Scandalous

    Its a scandal. Starting 5 months ago my mailbox was repeatedly hacked and data sued to send very specific targeted SPAM using a spoof of my email address to my friends and customers. I compliance to BT only to be repeatedly told 'its you, not us' and 'we cannot be hacked'.

    Having been a BT customer since the internet was born I was forced to switch to another network as the only way to stop it. There is something seriously wrong at BT or their Indian call centre
    Alan Mac
  • India is rife with corruption

    I do not and have never trusted any call centres or related services coming from Out of India. It is rife with corruption and organised gangs of scammers and thief's.