Yahoo! Mail reportedly loses key customer following mass hack attack

BT, the UK-based telecommunications company with more than 18 million customers, is dumping Yahoo Mail following a successful hacking campaign that hijacked e-mail accounts and used them to send spam, according to published reports.

BT's plans come four months after Ars was among the first publications to report on the mass campaign. At the time, attackers were able to commandeer Yahoo Mail accounts because administrators had failed to apply an eight-month-old security patch in the WordPress content management system that powered one of its blogs. By including malicious JavaScript in innocuous-looking webpages, the attackers were able to exploit the vulnerability and seize control over Yahoo Mail accounts that happened to be open while the booby-trapped webpages were viewed.

In March, more than two months after Yahoo finally applied the WordPress fix, criminal spammers continued to hijack Yahoo Mail accounts, suggesting that other security holes remained.

A BT official on Thursday told The Telegraph that the telecom company would begin moving away from Yahoo within weeks. The new e-mail system will be hosted by California-based Critical Path and will include built-in spam and antivirus protections. The move should serve as a wakeup call to Marissa Mayer, the former Google executive who took Yahoo's helm with a mandate to revive the ailing Web company. Staying on top of things like WordPress security patches may seem mundane and an interruption from more business-critical operations, but they're actually not. In fact, they're key to a company's success.