Yahoo Loses 6 Million Customers Over Email Hacking Problem

Gerry Smith
Updated
NEW YORK, NY - MAY 20: Yahoo! CEO Marissa Mayer attends a news conference following the company's acquisition of Tumblr at a press conference in Times Square on May 20, 2013 in New York City. The internet giant Yahoo! purchased the blogging site Tumblr for $1.1 billion. The company also announced a sleek new redesign of its Flickr photo service. (Photo by Mario Tama/Getty Images) (Photo: )

A British telecom company says it will no longer make Yahoo Mail the default email service for its 6 million customers due to concerns their accounts are vulnerable to getting hacked.

“We will be switching customers’ email over to BT Mail, which will include the features and functions they expect from a modern email service,” said Nick Wong, online director for British Telecom’s consumer division, according to The Telegraph.

The shift of BT's 6 million customers to another email service represents just a small fraction of Yahoo's overall email customer base of about 280 million people worldwide. But the loss of clients could be a troubling sign for a company that relies heavily on maintaining its email users to generate advertising revenue. Yahoo is now the third-largest email provider after Google’s Gmail and Microsoft’s Outlook.com.

As part of her bid to revive the fading Web giant, Yahoo CEO Marissa Mayer in December unveiled a redesign of Yahoo Mail aimed at making the service more sleek and user-friendly.

Love HuffPost? Become a founding member of HuffPost Plus today.

But Yahoo Mail has still been plagued by security vulnerabilities, and many customers have been under assault from hackers. They have complained of an increase in spam sent to their contacts and being locked out of their accounts by hackers who hijacked their passwords.

In one incident reported in January, hackers were able to access accounts by sending a malicious link to victims' inboxes. Yahoo said it has since fixed the security flaw.

Chester Wisniewski, a senior adviser at the security firm Sophos, said Yahoo's hacking problem stems partly from the company's decision not to implement two-factor authentication -- a feature that sends additional one-time passwords to users' cell phones to make their online accounts more difficult to hack. Gmail and Outlook.com currently offer two-factor authentication.

"Yahoo is the only one that doesn't have the ability to warn you that somebody else has accessed your account," Wisniewski said. "If I were advising a friend who needed a free email account, I'd say stay away from Yahoo."

A Yahoo spokesperson did not respond to a request for comment.

Wisniewski said Yahoo may stand to lose more email customers, but he questioned whether security concerns about the service would greatly affect the company's overall performance.

"People wil be upset about this and Yahoo will lose more clients, but will they have a mass exodus that has an impact on their revenue? I doubt it," he said. "People are too lazy" to switch email providers, he said.

UPDATE: In a statement on Saturday, a Yahoo spokeswoman said the company "takes protection of its users' data very seriously" by implementing safeguards and encouraging users to protect their accounts by using strong passwords, anti-virus software and avoiding clicking on malicious links.

"Account compromise is a serious industry issue with new forms of abuse arising nearly every day," Yahoo spokeswoman Caroline Macleod-Smith said. "Yahoo actively monitors accounts for suspicious activity, and if we find it, we act to secure the account immediately and prompt users to change their passwords."

Redphone & TextSecure

If Silent Circle's $120 annual subscription fee is too much, but you still want the option of encrypting your calls and texts, try <a href="https://whispersystems.org/" target="_blank">Open WhisperSystems' free security apps</a> for iPhone and Android. Redphone allows users to encrypt their phone calls, while TextSecure allows them to do the same for texts.

Orbot & Onion Browser

The Android app <a href="https://play.google.com/store/apps/details?id=org.torproject.android&feature=search_result#?t=W251bGwsMSwxLDEsIm9yZy50b3Jwcm9qZWN0LmFuZHJvaWQiXQ" target="_blank">Orbot</a> lets you browse the web anonymously on your phone and would seemingly prevent <a href="http://www.huffingtonpost.com/2012/07/09/app-privacy-ads_n_1658191.html" target="_blank">advertising networks or others from getting information</a> about you based on your mobile web browsings. The <a href="https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8" target="_blank">Onion Browser</a> works similarly, but for the iPhone.

Cloudfogger & NoteCipher

If you're afraid of storing information in the Cloud, you can try <a href="https://play.google.com/store/apps/details?id=com.cloudfogger.cf&hl=en" target="_blank">Cloudfogger</a>, an open-source Android and iPhone app that encrypts anything you store in the Cloud. If you have an Android phone, you can also pair that with <a href="https://play.google.com/store/apps/details?id=info.guardianproject.notepadbot" target="_blank">the Guardian Project's NoteCipher</a>, which encrypts notes on your phone's hard drive.

DuckDuckGo

<a href="https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android&hl=en" target="_blank">A search engine called DuckDuckGo</a>, available for the Android and the iPhone, has built its reputation around privacy. It doesn't track or store searches, and people who use it are effectively anonymous.

Gemini App Manager

Smartphone users can generally uninstall (or avoid altogether) apps that they believe compromise their privacy -- unless those apps are "<a href="http://whatisbloatware.com/" target="_blank">bloatware</a>," apps pre-installed by the phone's carrier and impossible to remove by normal means. The <a href="https://play.google.com/store/apps/details?id=com.seasmind.android.gmappmgr&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5zZWFzbWluZC5hbmRyb2lkLmdtYXBwbWdyIl0" target="_blank">Gemini App Manager</a> for Android allows <a href="http://www.howtogeek.com/115533/how-to-disable-or-uninstall-android-bloatware/" target="_blank">users to get around the phone's restrictions and disable the bloatware</a>, thus removing potentially privacy-invading apps.

This article originally appeared on HuffPost.