Yahoo Recycled Emails: Users Find Security Surprises

  • 24 September 2013
  • 3 replies
  • 1251 views

Userlevel 7
Badge +54
When Tom Jenkins, an IT security professional, learned in June that Yahoo planned to free up abandoned account IDs, he jumped on the opportunity to request a nickname he's had since high school. He was thrilled when Yahoo emailed him in August to say the ID was available.

"I had tried periodically to obtain this email address, but I was never able to do it," Jenkins said in an interview. "I was aware that these Yahoo IDs were once owned by someone else, but I was pretty surprised by the types of emails I immediately started getting."

In less than a day, emails intended for the original account owner hit his inbox. Among them were marketing emails from retailers and catalogs, which were a nuisance, he said. But then came the emails with sensitive personal information: messages from the former Yahoo account holder's Boost Mobile service, which included the account and pin numbers; emails from a Fidelity investment account; Facebook emails; Pandora account information; and more.
 
Full Article

3 replies

Userlevel 7
I am pretty sure I had read somewhere that they believed they would avoid this... and this result WAS expected at the time by some.
 
All I can say is "Yahoo.... we tried to tell you so!"
 
UGH!
Userlevel 7
Badge +54
We did have a topic about this quite a while ago when Yahoo first announced this idea but with it being such a worrying item I thought it needed a fresh topic starting about it and hopefully more people will see it for being "fresh".
Userlevel 7
Badge +54
Yahoo Responds To Recycled Email Security Problem
 
Yahoo announced late Tuesday night that the company plans to roll out a tool for recipients of recycled email accounts to return messages that were not intended for them. InformationWeek reported Tuesday on three Yahoo users who began receiving emails containing personal information intended for the former user -- including bank and wireless account information -- after signing up for a recycled Yahoo account.

The new button, called "Not My Email," will roll out this week and will be found under the "Actions" tab in users' inboxes. The button will help users of recycled accounts train their inboxes to recognize which email is intended for them and which is not, eventually rejecting email before the user has read it.

Yahoo said it also plans to help to users who have lost their Yahoo account due to inactivity. These steps include outreach to users by phone and email and extending the grace period for inactive accounts.
 
Full Article

Reply