Broadband and phone provider BT is being investigated by the UK data regulator following accusations that spammers were compromising its email accounts.
Last May, BT dropped Yahoo! Mail and went with Critical Path, and that relationship worked until Critical Path was purchased by Openwave Messaging - and a company employee informed the UK Information Commissioner's Office that BT customers were affected.
"BT takes the security of all products very seriously," a BT spokesperson told British media. "And in the process of developing new services with partners, we rigorously audit and test for security, and fix any identified issues before going into live service."
According to the whistle blower, the technique used by Critical Path was insecure, as the company is tasked with transferring seven million users.