Seems fairly obvious
From the postings of victims so far it does seem pretty obvious that some VM customers have had their mail stores stolen or at least analysed in depth.
Given that some of the victims haven't used web access for some time this is unlikely to be a recent browser exploit (unless perhaps they have their account passwords stored long term in cookies).
So either the mail store data has been compromised, or credentials from other modes of access such as IMAP/POP3 have been intercepted. Or possibly the users have re-used passwords which have been stolen elsewhere (not top of the obvious list).
If people have not even logged into the service recently via any means (I can't remember if Virgin offers auto-forward to another account) then this does point to a chunk of the mail store falling into the hands of spammers.
Reaching this tentative conclusion from the information posted so far in the thread is not rocket science. Any reasonably competent email (or IT in general) professional could reach a similar conclusion. However do VM have many on the books, and would they use them if they had? Denying responsibility is easier than investigating and finding something unpleasant.
As it happens I have ntlworld email accounts which are still active, although not very much, and fortunately I haven't seen any SPAM activity so far. This seems to suggest that not all addresses are compromised (or that the spammers are just cherry picking).
A professional ISP would work with the customers to try and establish any common factors - such as which tranche of migrations they were in, or if the were all blueyonder cutomers. It seems as though this isn't the modern way, though.
Hope that the action group can isolate a common factor, but it will be hard without VM cooperation.
Date of migration might be interesting; from the notification emails I have received as far as I can remember not all my accounts migrated at the same time.