BT dumps Yahoo Mail after account hijack claims

BT will move six million co-branded email accounts to its own system in the coming months.
Written by Liam Tung, Contributing Writer

Following a surge in complaints about email account hijacking incidents, BT has decided to drop Yahoo as its email partner for its broadband subscribers.

The telco announced on Thursday it would begin moving customers over its own BT Mail platform later this year.

All BT broadband customers are automatically given a Yahoo Mail account, which means it will move six million accounts to the new email system. Customers will be able to keep their existing inbox and folders but will be prompted to change their password, according to BT.

Also, after 17 June, BT will begin to deleting any BT Yahoo email accounts that have not been accessed within 150 days of that date.

Since February, a number of BT customers began reporting a wave of BT Yahoo email account hijacking incidents. The reports occurred around the same time as a rise in hijacks affecting customers of Telecom in New Zealand, which also relies on Yahoo for customer email.

In February, Telecom NZ cancelled the passwords on 75,000 of the 450,000 Yahoo Xtra email accounts as a result of the attacks. It announced in April that it would retain the Yahoo service, however.

BT will now partner with messaging and security vendor Critical Path for its own BT Mail system, which will feature in-built antivirus and antispam.

The company is also shutting down its BT Yahoo portal and moving to its recently launched BT.com portal.

The Yahoo Mail account hijacks occurred after a cross-site scripting (XSS) flaw affecting Yahoo Mail was discovered in January but was claimed to have been fixed that month by Yahoo. An exploit for an XSS flaw was also selling online for $700 in December last year. 

Editorial standards