Had a deluge of calls from customers today panicking about spam sent from their email account to everyone in their address book.
The common factor was that the email service was provided by the UK telecom BT, which in turn uses Yahoo mail for its none business customers. All of them had their accounts accessed from Yahoo! Mobile in various parts of the world (S. Korea, Vietnam, Netherlands, El Salavdor and more) over the weekend so it looks like either Yahoo's account, email or mobile services have been compromised.
In their usual style BT are claiming it is customers not providing good passwords or leaving them lying around (though how someone in Korea could guess both an email address and the corresponding password in the UK beats me) and Yahoo are conspicuous by their silence on the subject.
Hunting round the internet I found this article:
http://resources.avg...ail-accounts-hacked/seems it has now spread to other areas.
If you have a Yahoo email account (or a Yahoo powered account from a partner) check you login history via this link:
https://api.login.ya...oo.com/login/historyusing your normal email account details.
As a precaution you might want to change your password as a matter of urgency !!!
Ramble
I have always found Yahoo's mail servers to be particularly irksome, only rivalled by the amount of crap and irritation delivered by Hotmail.
I use BT myself and gave up with the email address years ago as I had spam in it before I even logged in on day 1.
Yahoo's spam filter is total rubbish letting loads of spam through and blocking loads of genuine mail. If sensibly you use POP to access you account the default setting block all perceived spam so you don't even see you mis-classified genuine mail - and most customers don't know how to fix that.
Every iteration of their awful webmail system just seems to get worse and worse, even to the point of needing ActiveX controls in IE to attach files.
If you use Yahoo I would thoroughly recommend setting up your own email address and give yourself control over it. The advantages are portability, not having to use bug ridden and security flawed systems and control. OK you will probably have to pay for a domain name and some hosting but it doesn't cost a lot and is a hell of a lot more predictable and flexible!