Skip to content

Yahoo to Recycle Dormant Email Accounts

June 21, 2013

Yahoo plan to reuse email accounts

By Gilbert Falso :: 1:46 AM

In a controversial move that has cyber security experts concerned, Yahoo is making plans to recycle unused Yahoo Mail accounts that have gone dormant for at least one year.

Yahoo’s senior vice president Jay Rossiter posted on the company’s blog today that any e-mail accounts that have not been logged in to for more than a year will be reset so that any active Yahoo Mail user can take that address.

“If you’re like me,” he wrote, “you want a Yahoo! ID that’s short, sweet, and memorable like albert@yahoo.com instead of albert9330399@yahoo.com.”

Beginning on July 15th, anyone can register for their preferred Yahoo Mail e-mail address. In mid-August, the company will begin releasing accounts that have been unused. The process will continue on a rolling basis.

Many security experts are shocked that Yahoo would compromise the privacy and data security of older users who may not have logged into Yahoo Mail in some time.

“It is very possible that someone might have set up online banking with an ID in 2004, and then hasn’t checked the email address in a few years,” says Charles Hogan, a security consultant in Madison, Georgia. “What if, a year or so down the road, they change their password, or confirm what they thought was their e-mail address?  Sensitive personal information could then be sent to the new owner of that email address.”

Hogan is also concerned that spammers and identity thieves will target Yahoo Mail to scoop up popular first and last name initials and combinations, in hope of eventually receiving some data they can use to hack into financial accounts and other systems.

“What’s to stop a group of hackers from requesting ‘csmith@yahoo.com, charliesmith@yahoo.com,’ and so on,” said Hogan. “Is Yahoo taking safety precautions to ensure only legitimate individuals are requesting old accounts?

Yahoo says that it will implement safety checks in the process of turning over old email addresses, including attempting to unsubscribe the former user from mailing lists and other services.

“We’re committed and confident in our ability to do this in a way that’s safe, secure and protects our users’ data,” the company said in a statement after initial reactions to the plan were not well received.