Skip to comments.Yahoo 'recycling' old e-mail [addresses], raising security concerns
Posted on 08/02/2013 1:08:26 AM PDT by grundle
Yahoo has announced a plan to "recycle" old e-mail addresses, a move meant to free up accounts for folks who want them but that has sparked privacy concerns.
In a blog post, senior vice president Jay Rossiter announced that Yahoo e-mail accounts that have been dormant for more than a year will be reset so that active users can have access to them.
"If you're like me, you want a Yahoo! ID that's short, sweet, and memorable like firstname.lastname@example.org instead of email@example.com," he wrote.
The one-year period will officially begin July 15, when users can "claim" a dormant account name. They'll find out in mid-August if they got the account they wanted.
It's clearly an effort by Yahoo, which has been working to redefine and rejuvenate itself under new CEO Marissa Mayer, to re-engage older users and reward active ones. But it has security experts nervous.
Security analyst Graham Cluley doesn't mince words.
"In short: as an idea it sucks, and it shows Yahoo's lack of respect to customers who created accounts with them in years gone by," Cluley wrote Wednesday.
Cluley lists several scenarios where the plan could backfire. They include situations in which a user has another primary e-mail account, but has given their Yahoo address as a backup in case of security situations, lost passwords and the like.
(Excerpt) Read more at cnn.com ...
dormant for 1 year doesn’t seem long enough.
Yahoo is old enough to make it 10 years.
I really don’t see a problem with this. I recently tested a Yahoo email that I had started in the 1990s, and it was not a valid email address. I did not test to see whether I could open another email with that same address; if I have not thrown away the address and password info, I should try that. It may be that really old unused addresses are already available.
Depends on what they mean by "dormant".
If that means nobody has accessed the mailbox in a year, it doesn't seem long enough. If it means no email has been received for that address in a year I'd be much less concerned.
SPAM never stops. I doubt its possible to not receive any SPAM or updates to something you signed up for through a whole year.
AT least from my experience.
That’s why I’d be less concerned. They probably have decent spam filters, and wouldn’t count that. Things you’ve signed up for will eventually become obsolete or they’ll send out verification requests to clean up their lists. If they don’t recycle it until a year after that, it would probably mean it’s been 3-4 years since you’ve stopped using that address.
That was my first thought as well. 1 year is not nearly enough. I suspect there will be a bunch of folks that will try to recycle a bunch of old yahoo addresses and see if they can use them as levers to get into other accounts out there (think email verification of password resets). Seems to me like they are asking for a huge amount of fraud to be generated through their systems.
I could easily imagine a little creative mining that could be used to target specific individuals.