Yahoo Recycled Email Accounts Turns Out to be Huge Security Risk
You may remember when Yahoo decided to do some spring cleaning with its email accounts and give users the opportunity to nab their preferred email address from old Yahoo email accounts that are no longer active. It seemed like a great way to give users what they want, as well as clean house to make things more organized for the company’s servers. However, it’s simply turning into a bit of a security nightmare.
Last month, Yahoo shut down old, unused email accounts and gave them away to users who’ve wanted the specific email addresses, but users of those recently-acquired email addresses are still receiving email that is meant for the old user of that account. From the face of it, it doesn’t seem like a huge deal, and it’s more a nuisance for the new user than anything. However, the emails that new users are receiving that are meant for the old users include personal information.
According to Information Week, some users are receiving emails that include the old user’s name, mailing address and phone number. Plus, other revealing information can be had with these kinds of emails, including the last four digits of someone’s social security number and even where someone’s child goes to school. Another user says that they received an email confirmation for an apartment application.
Obviously, this kind of information getting into the wrong hands could prove disastrous for the old user that had the email address before the new user. Yahoo knew about the security risks involved, and it said it would do its part to make sure that old emails never make it to the new user, but it seems that not all emails are getting caught by the company’s special filter for this.
Yahoo deactivates old accounts for 30 days before giving them to new users. During that 30-day period, Yahoo automatically unsubscribes old users from any lists that send emails to that address. Of course, this method isn’t entirely foolproof, but Yahoo thinks it’ll be enough to stop most emails from making their way to the new user. However, the emails that are making their way through are pretty revealing, but Yahoo says that this is only affecting a very small number of users.
This just proves that if you no longer use an email address or change email address, it’s crucial that you switch over all of your important services to the new email address, including services that keep personal information, like emails from banks and wireless carriers.