BT, the UK-based telecommunications company with more than 18 million customers, is dumping Yahoo Mail following a successful hacking campaign that hijacked e-mail accounts and used them to send spam, according to published reports.
BT's plans come four months after Ars was among the first publications to report on the mass campaign. At the time, attackers were able to commandeer Yahoo Mail accounts because administrators had failed to apply an eight-month-old security patch in the WordPress content management system that powered one of its blogs. By including malicious JavaScript in innocuous-looking webpages, the attackers were able to exploit the vulnerability and seize control over Yahoo Mail accounts that happened to be open while the booby-trapped webpages were viewed.
In March, more than two months after Yahoo finally applied the WordPress fix, criminal spammers continued to hijack Yahoo Mail accounts, suggesting that other security holes remained. That same month, Vivek Sharma, the general manager of Yahoo Mail and Yahoo Messenger products reportedly vacated his post for unknown reasons.