backtop


Print 20 comment(s) - last by Fritzr.. on Jun 22 at 11:53 PM

Critics say recycling of old accounts could lead to identity theft

Web giant Yahoo has operated its own e-mail service (free and paid) for many years, and many of us at one point in time have owned (or still own) a Yahoo email address. As you can imagine, a huge number of people all around the world subscribed to Yahoo's services, used the accounts for a while, and then abandoned the account.

The problem for Yahoo and users who actually want to use the Yahoo e-mail service is that having millions of dormant accounts taking up usable names kept some people from using the e-mail service.
 
As a result, Yahoo announced that it plans to recycle inactive user IDs. Yahoo's plan would take any accounts that have been inactive for more than 12 months and make them available for use by other users.


[Image Source: Inquirer.net]

Privacy advocates are now rallying against Yahoo's plans saying that by recycling inactive user IDs, Yahoo could allow spammers and other nefarious users to assume the identity of the previous account holder. Yahoo says that it has safeguards in place and is coordinating with other web companies such as Google and Amazon to minimize any risk of identity theft.

"[The possibility of identity theft is] something we are aware of and we've gone through a bunch of different steps to mitigate that concern," said Dylan Casey, a senior director for consumer platforms. "We put a lot of thought, a lot of resources dedicated to this project."

Yahoo will also be unsubscribing inactive accounts from all mailing lists to prevent the new account holders from getting content they didn't ask for.

"Can I tell you with 100 percent certainty that it's absolutely impossible for anything to happen? No. But we're going to extraordinary lengths to ensure that nothing bad happens to our users," Casey added.

Source: Reuters



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

more a user problem then yahoo
By carigis on 6/20/2013 10:36:11 AM , Rating: 3
now, Im not sure how i feel about this. I get the complaints. but my way of looking at this is if you stop using a service, you really should be taking the responsibility of cancelling or transfering all your accounts, newsletter subscribtions, notifying people of your new address etc.

You can't expect to own the name forever if your not using the service.

i mean how many people use yahoo for dozens of one time burner accounts etc for signing up for things you don;t want to ever recieve emails from.

Im thinking one thing that might help is after the 12 months, maybe have a 6 month FROZEN period were all emails are bounced return to sender.

kinda like telephone numbers, usually they will drop an error message for six months or so before they reassign them.

as much as Im not a fan of yahoo.. this seems to be a user problem.. not yahoo's.




RE: more a user problem then yahoo
By BRB29 on 6/20/2013 10:56:53 AM , Rating: 2
yahoo can just make a new domain name


RE: more a user problem then yahoo
By Fritzr on 6/22/2013 3:15:02 AM , Rating: 2
They have already done that.
ymail.com and rocketmail.com are also Yahoo Mail addresses.

This proposal is for cancelling all those accounts created by users who wanted to try it or needed a one off throwaway account or lost their password while their contact info was incorrect and thousands of other reasons for accounts being created and abandoned with no indication to Yahoo other than inactivity.

However on checking on their policies for free mail, I find that an account expires automatically if inactive for 6 months plus 2 months times for each year it was active up to the last recorded activity.
http://en.wikipedia.org/wiki/Yahoo!_Mail
Other sources say 4 months flat
http://www.webdevelopersnotes.com/blog/email-addre...

Yahoo itself says only that an inactive account WILL expire unless it is a YahooPlus account (I'm assuming that having it's payments current is a requirement to prevent conversion to FREE mail and then expiration)
From the Termination portion of the TOS: (e) extended periods of inactivity,

Going from 4 months to 12 months actually makes these throwaway accounts last longer. If 12 months is shortening the period then you really have to wonder where the other sites giving authoritative answers got their info from.


By maverick85wd on 6/20/2013 11:25:46 AM , Rating: 3
I agree, bouncing msgs for 6 months is a good idea. I would also say 12 months isn't really that long, I've had accounts I didn't log in to for over a year and then used again. I'm guessing if they went back even four or five years they would still recover a lot of old addresses, but two or three years seems reasonable.


RE: more a user problem then yahoo
By Qapa on 6/20/2013 11:28:05 AM , Rating: 3
This is also a problem both ways:
- new user should be informed it is an already used account, so he can choose another one (I found myself getting SMSs and call with sensitive information for someone else... with a recycled phone number)
- old user may get sensitive information public to other people. So I agree with your suggestion of frozen account (bounce back as if it didn't exist), but I would suggest at least another 12 months

Another hypothesis would be that all servers would provide burner accounts...


"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki