Yahoo addresses privacy concerns over recycled user IDs

[Shawn Knight]

Last week Yahoo revealed plans to reset and re-issue inactive user IDs. The idea here is to once again make available desirable Yahoo IDs that have long since gone unused. It sounds like a win-win for everybody involved as users could get a shot at their preferred ID while Yahoo gets to do some house cleaning and gain some publicity in the process.

What could go wrong? Well as it turns out, quite a bit actually.

Yahoo noted that any ID that has been inactive for over a year will be subject to deactivation and ultimately made available again. Using that premise, let’s say you own two e-mail accounts: one for everyday use and another that’s simply given out when you create a new account online (your Yahoo account) for activation purposes.

Most would agree that this is a pretty common practice as it routes unnecessary or potentially spammy messages to the latter account, keeping your main inbox nice and tidy. Now let’s also say that it’s been slightly longer than a year since you last logged into your Yahoo account and you somehow happened to miss this bit of news from Yahoo in the media.

You can quickly see where this is going. Your Yahoo account gets shut down and recycled, another user scoops it up and with a bit of luck, they could potentially send a password reset request to that address from a website and gain access to your account. Uh oh.

It seems like a plausible scenario but Yahoo has you covered, or so they say. In a statement released on the matter, Yahoo said they are confident in their ability to free up desirable namespace in a way that is safe and secure. Here’s how.

First, Yahoo points out that the vast majority of inactive Yahoo IDs don’t have a mailbox associated with them. Furthermore, all accounts will be purged of any previous user data before being made available again.

Also, the company will initiate a 30-day grace period between deactivation and making the ID available to someone else. During that time, Yahoo will send bounce back e-mails to senders notifying them of the deactivation as well as send notifications to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties on your behalf.

Whether or not this will be enough, however, remains to be seen.

Permalink to story.

https://www.techspot.com/news/52974-yahoo-addresses-privacy-concerns-over-recycled-user-ids.html

 

[St1ckM4n]

Called it..

 

[FF222]

The problem is not Yahoo, but sites relying on users having/keeping their email addresses indefinitely, and treating email boxes trusted delivery endpoints, which in fact they're not. This needs to be fixed.

 

[Puiu]

And they plan of telling websites that already have that email: please don't spam it cuz it's inactive?

my old yahoo account gets so much crap that it's unusable, but I still use it a few times a year. they should make the inactive period at least 2 years if not 3.

I think it's going to be funny when you make a new account only to find out that you get gay porn on it because of the previous owner ^_^

 

[Guest]

Or getting undesired material with an illegal nature. If you're investigated and your emails are checked then you're pretty much screwed even though it was the previous owner of the address. Even if there are records that it was a new account - in the eyes of the jury - who can say if the person would be lying by blaming the previous owner or telling the truth.

 

[Puiu]

Or getting undesired material with an illegal nature. If you're investigated and your emails are checked then you're pretty much screwed even though it was the previous owner of the address. Even if there are records that it was a new account - in the eyes of the jury - who can say if the person would be lying by blaming the previous owner or telling the truth.

evidence like this does not hold in court since they can explain it, all they have to do is check time stamps on both emails to check if your email ever received something before you got that ID.

 

[treetops]

Lol so someone who uses the same username across the web, will get screwed by this if they have not logged onto there email in a year. A lot of people have their old email tied to accounts that they no longer use. Say you play world of warcraft and havent logged onto your email for a year. Say your user names are treetops4 and your email is treetops4@yahoo.com. The first account guess would be spot on. They can reset your wow password and steal control of your entire battlenet or steam account. Someone at yahoo thought wow this idea will make media buzz, then someone with common sense said hey that is not a good idea, but the douche in charge didn't want admit he made a mistake so he pushed his idea forward. The same can be said for a amazon or ebay account, heck maybe even paypal and some bank accounts.

Hackers are already likely developing or have developed bots to find out what yahoo emails are currently in use by attempting to log on with every combo. They will try to recreate every previously determined owned email account and grab as many previously owned email accounts as they can as soon as this hits. Then automatically try to use the email user names on banking, auction, game sites lickity split. Hell a lot of sites simply use your email as your username. They will then funnel out anything they can. Perhaps stealing your identity in the mean time.

This is like a typical Dilbert comic strip....

 

[Guest]

Geez, how hard is it to login to your email account once a year, assuming you want to keep it.
Just pick a date say your Birthday or New Years, or May 5, or July 4, or whatever and login to your Yahoo email account on that day. Please stop complaining and do something constructive.

 

[St1ckM4n]

Geez, how hard is it to login to your email account once a year, assuming you want to keep it.
Just pick a date say your Birthday or New Years, or May 5, or July 4, or whatever and login to your Yahoo email account on that day. Please stop complaining and do something constructive.

Confirmed for a bad excuse for a troll. If your understanding is at the level of a child, don't be hating on people who DO understand.