A short while ago, Techlicious reported on Yahoo’s effort to recycle old, dormant user names. Predictably, there was a lot of handwringing over the idea. While it’d be great to free up desirable but long-dormant user names, there was a lot of concern over whether Yahoo could do it without creating pressing privacy and security concerns. Still, the email provider suggested accounts really could be “recycled safely and securely.”
As it turns out, Yahoo was wrong and the skeptics were right. According to a lengthy report by Information Week, owners of newly recycled Yahoo accounts are receiving plenty of email intended for the address’s previous holder. And it’s not just spam, either – incredibly sensitive personally identifying information is winding up in the hands of total strangers.
Under the terms of Yahoo’s controversial plan, any email address that had not been signed in to for over a year would be deactivated and offered to new users. Yahoo would then monitor the account for 30 days, send bounce notifications to email senders, unsubscribe the account from bulk lists and even implement a new type of email filtering technology. Unfortunately, those efforts are falling well short.
"I can gain access to their Pandora account, but I won't. I can gain access to their Facebook account, but I won't. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor's appointment last week and I was just invited to their friend's wedding," explained one Yahoo Mail user, detailing the kind of personal correspondence he's seen in the short time he's owned his Yahoo account. Others are reporting getting airline flight confirmations, emailed receipts, court documents and even funeral announcements meant for their account’s previous owner.
For its part, Yahoo says only a “very small number of users” are reporting getting mail intended for other people. The problem: Plenty of recycled account holders likely won’t self-report a problem involving someone else's data. After all, when was the last time you complained to your email provider about getting mail meant for someone else? (To its credit, Yahoo announced this week it would be implementing a 'Not My Email' button to aid reporting.)
Yahoo’s email account policy should give you serious pause before opening up a new email account with the company. Email accounts should never be recycled, because there’s no way to guarantee it can be done safely, as Yahoo proved.
If you have a current Yahoo email account, I strongly recommend signing in to it regularly lest a stranger wind up thumbing through your mail. I’d also recommend you never use a Yahoo email account for your online banking, e-commerce sites or social networks, lest you risk these being compromised one day. If you do currently, you should migrate to Google, Outlook or one of any number of other email providers smart enough not to offer account recycling. Yahoo email just isn’t secure enough anymore.