
Yahoo! email and the spam problem
Tuesday 14 May 2013 10:04:07 by Andrew Ferguson

While many of our visitors will be using their own domains for email, or more traditional provider-based POP3/SMTP services, there are millions who like the ease and portability of a web-based mail system, and it is likely that the popularity of Yahoo! email is the reason it has been the target of so much hacking and malware.

In light of what appears to be a new round of hacking that affects BT Yahoo! (and probably other providers using Yahoo!) we asked BT for a statement on the current wave of spam.

"BT has spoken to the ICO and they are aware of this incident. We have also been informing customers affected by showing them a warning message when attempting to access their webmail service, and requiring them to reset their passwords, along with directing them to detailed online help on steps they should take to secure their accounts."

Latest statement from BT

"We have seen an increase in BT Yahoo! customers experiencing unusual activity on their email accounts in recent days. We are helping customers who have had issues, using online help and through BT’s call centres. As part of Yahoo!'s normal account security processes, if they detect suspicious activity they act to secure the account and prompt users to change their passwords. We also urge our users to use strong passwords and to use unique passwords for different online sites. For information on steps you can take to better secure your email account, including changing your account password and security phrase, please visit If you have BT NetProtect Plus as part of your BT Broadband or Infinity package, but have not yet downloaded it, please visit My Broadband at"

Earlier statement from BT

Channel 4 has a reasonable summary of the latest believed hack, which raises the idea that part of the problem may not be that account details are compromised on the Yahoo! servers, but that a trojan is somehow being installed on Yahoo! webmail users' computers, allowing the hackers to then obtain login credentials.

The idea of malware or a trojan being responsible is borne out by our own experience. A neighbour asked us to look at their Vista PC as they had had a pop-up asking them to change their Yahoo! details for security reasons, but now, a day or two later, Yahoo! is not letting them log in due to suspicious activity. As is common in cases like this, Norton was not reporting anything, so the popular free utility Malwarebytes was downloaded and run; it found and removed two malware applications, the second of which is often installed via the first. The suggestion is that in this case a two-stage attack was perhaps carried out: the first stage got the basic malware onto the PC, and at a later stage a cunning pop-up, skinned to fool people into thinking it was an official Yahoo! warning, was used to harvest login details. One improvement we made was to remove Yahoo! Messenger, as the user never used it but had assumed the pop-up was from the messenger app. Removing it also improved the time for the PC to boot and be ready for use, and we removed other redundant software such as Java as well.


Posted by herdwick over 3 years ago
BT Yahoo's approach of blocking access with a message requiring a password change is somewhat redundant if you're a POP3 user. You just get what appears to be a password error in your client software, can't get your email, and get confused / irritated.
Posted by mdar5 over 3 years ago
Interesting, do you know what was the Norton product that was failing:
Anti-virus or full Internet Security?
Edition year 2010, 2011, 2012 or earlier
Was the subscription package still valid on the PC (not out of date and not installed on too many computers) and were the program's definitions etc. up to date?
Posted by andrew (staff member) over 3 years ago
It was the full suite, so all the pop-ups about busy CPU, which on an older machine are very frequent.

Single user and definitions up to date, edition not sure.
Posted by herdwick over 3 years ago
Malwarebytes very frequently finds things that Norton overlooks - perhaps they don't fall into Norton's definition of virus or malware or something. Same with McAfee. That's why Malwarebytes exists, to do something more than find tracking cookies on an infected PC.
Posted by AndrueC over 3 years ago
If only Java was redundant in our corporate environment :-/
Posted by shaunhw over 3 years ago
Java redundant? Doesn't the ThinkBroadband Speed tester use that anymore?
Posted by shaunhw over 3 years ago
Ah - So they updated the speed tester very recently. That must mean java is now redundant!
It certainly is for me at least, now.
Posted by zelly over 3 years ago
Andrew, this isn't just BT Yahoo. It's all of Yahoo including the free plain email addresses

It's also not a trojan. There are email accounts being hacked that haven't been logged into for years

Read the 70 page thread at
Posted by neken over 3 years ago
I've had three (of my four) standard Yahoo accounts hacked. I had Yahoo notifications of odd logins from various countries. No malware found on any machines and like zelly suggests, they were very low or no usage accounts so they weren't compromised by opening a dodgy mail or drive by attack.
Posted by drsox over 3 years ago
There certainly isn't any infection on some of the hacked accounts I've seen! Many different problems affecting Yahoo.
Posted by michaels_perry over 3 years ago
I do voluntary work for a local CAP and all of us have had our Yahoo accounts misused. We live in the UK but the miscreants appear to be in California or Oregon in the US - but that info can easily be spoofed. All we as users can do is change passwords yet again and choose even more complex, and so more difficult to remember, passwords that will take a little longer to work out. So BT Yahoo and ordinary Yahoo email accounts are at risk. Incidentally I run Malwarebytes and it found nothing yet the account was purloined anyway, so it doesn't appear to be a Trojan or rootkit doing this.
Posted by lelboy over 3 years ago
zelly 5 Ah, perhaps a little vindication for me? I was berated by other TBB users when I asked about Sky/Yahoo problems, specifically that an eBay account had been opened by someone using an address known ONLY to Sky and myself (causing much irritation) and never having been used - other than by Sky admin. Since their involvement with Yahoo, I have had these problems. Coincidence? Don't believe in it - never having had a problem until the structure change with Sky/Yahoo. Thoughts?
Posted by BBSlowcoach over 3 years ago
I get a lot of spam email from Yahoo addresses after a friend's email address was hacked. I report the spam to:
including the routing details. I would like to think Yahoo investigates to close down the source and stop the perpetrators spreading more spam from future addresses they might try to set up. I hope you all do this. The more Yahoo is swamped the more likely they are to take the matter seriously. Much of this email does not even have the correct 'To' address, just part of the beginning. It baffles me how it is then routed to me.
Posted by zelly over 3 years ago
lel, it probably was your email being hacked, but it could instead have been eBay hacked to spoof the account verification email or bypass it. The buyer disappeared, so more likely a scam attempt. Did the buyer provide a real address to deliver the item to?

Have you told Action Fraud about it?

BBS, ask your friend to make reports to Action Fraud and the Information Commissioner's Office