backtop


Print 20 comment(s) - last by Fritzr.. on Jun 22 at 11:53 PM

Critics say recycling of old accounts could lead to identity theft

Web giant Yahoo has operated its own e-mail service (free and paid) for many years, and many of us at one point in time have owned (or still own) a Yahoo email address. As you can imagine, a huge number of people all around the world subscribed to Yahoo's services, used the accounts for a while, and then abandoned the account.

The problem for Yahoo and users who actually want to use the Yahoo e-mail service is that having millions of dormant accounts taking up usable names kept some people from using the e-mail service.
 
As a result, Yahoo announced that it plans to recycle inactive user IDs. Yahoo's plan would take any accounts that have been inactive for more than 12 months and make them available for use by other users.


[Image Source: Inquirer.net]

Privacy advocates are now rallying against Yahoo's plans saying that by recycling inactive user IDs, Yahoo could allow spammers and other nefarious users to assume the identity of the previous account holder. Yahoo says that it has safeguards in place and is coordinating with other web companies such as Google and Amazon to minimize any risk of identity theft.

"[The possibility of identity theft is] something we are aware of and we've gone through a bunch of different steps to mitigate that concern," said Dylan Casey, a senior director for consumer platforms. "We put a lot of thought, a lot of resources dedicated to this project."

Yahoo will also be unsubscribing inactive accounts from all mailing lists to prevent the new account holders from getting content they didn't ask for.

"Can I tell you with 100 percent certainty that it's absolutely impossible for anything to happen? No. But we're going to extraordinary lengths to ensure that nothing bad happens to our users," Casey added.

Source: Reuters



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By amanojaku on 6/20/2013 12:24:03 PM , Rating: 3
"Recycling" accounts is the same as "recycling" postal mailing addresses. If someone moves out of the house or apartment, the address doesn't change. Sure, the new owner of an address runs the risk of getting mail for the previous owner, but that's no different from receiving spam. The previous owner had the option of removing himself from mailing lists, services, etc... before abandoning the account. Besides, the accounts are deleted before being re-issued, so nothing remains from the previous owner.




By Stuka on 6/20/2013 9:33:09 PM , Rating: 2
This is entirely different because the implications of real estate is effectively widely known and accounted for. There is ZERO precedent for email addresses changing hands because it has never happened. So, email addresses are, for all practical applications, personally identifiable. When you sign up for a chat client or just about any internet service or website, all you need is an email address, and all your activity and information is tied to that address and access to it's inbox. Postal addresses are not in themselves an identifier, they must be accompanied by other info such as name, DOB, SSN, etc.

To make this work, there needs to be a vast procedural and cultural change across the internet, not just one website's last gasp at remaining solvent.


By Fritzr on 6/22/2013 11:53:31 PM , Rating: 2
Postal addresses are all you need. Their bank sends out paper statements, the postman delivers them to the designated address. It is up to the residents to then distribute the mail correctly.

Forget to update your address and confidential information WILL be mailed to the new residents. Who may toss the mail in the trash, read the mail (it is delivered so the Post Office no longer cares) or hands it back to the postman with a note saying "Addressee Unknown". The last is what the Post Office thinks you should do, but the first two are the usual treatment.

New Resident receives bank statement. New Resident uses the bank statement and CORRECT mailing address to receive the forms for update. Account updated, address is changed, then plundered. If the investigation contacts New Resident, they simply say they don't remember seeing any of that mail. The fraud was done from a separate address, so someone else must have done it (of course New Resident does not say this because they don't even remember seeing the mail from the bank :P )


"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki