The last time I was with Virgin Media was around 10 years ago, when I switched to another ISP, the day after the switch they disabled access to the email address. So this taught me to never use a ISP provided email again.
Instead bought a domain name and forward emails sent to my domain to a whatever email provider I want.
In regards to the owner of this account who says his 10 character password is cracked within a day. This suggests its either someone at VM who is able to reset the password without the customers knowing, or his device is compromised and no matter how long the password was it was destined to get found out. As there is no way that someone should be able to crack a 10 character password with upper and lowercase letters plus numbers within such a short time even if VM were allowing 1000s of login attempts per second. Which I assume they don't?