Yahoo's Plan to Free Up Old Email Addresses Too Risky
Mat Honan: It raises a host of security concerns
By John Johnson, Newser Staff
Posted Jun 20, 2013 1:08 PM CDT
Yahoo headquarters in Sunnyvale, Calif.   (AP Photo/Marcio Jose Sanchez)

(Newser) – Got an old Yahoo email address kicking around that you haven't checked in a year or so? Better log in over the next few weeks if you'd like to keep it. Otherwise, Yahoo is going to free it up for someone else. The example it uses is letting someone claim an address of "albert@yahoo.com" rather than "albert9330399@yahoo.com." It may sound like some harmless house-cleaning, but this is a "spectacularly bad idea," writes Mat Honan at Wired.

"It means that people will be able to claim Yahoo IDs and use them to take over other people’s identities via password resets and other methods," he writes. If someone has a seldom-used Yahoo account as a backup to Gmail, for example, this raises the possibility that the new owner of the Yahoo address will figure out a way into the Gmail account. Yahoo insists it will take pains to make sure that any recycled ID is safe and secure, but Honan wants the company to rethink this one. Otherwise, "this is going to lead to a social engineering gold rush come mid-July." Click for his full post.

Comments
LReyes
Jun 25, 2013 10:21 AM CDT
If Yahoo isn't careful, it might as well be Christmas for all those spammers seeking fresh meat. Just don't be surprised to see anyone's Yahoo inbox filled to overflowing with all manner of spam from "lonely Russian girls seeking mates" to the latest "phony Nigerian Acai berry diet investment" scams.
793tango
Jun 21, 2013 3:47 AM CDT
All actions have unintended consequences and not all unintended consequences are good. On the other hand, if you haven't used or cleared out an email account in say 3 years, why should any provider hold it open for you?
jerrymac
Jun 20, 2013 8:13 PM CDT
One thing I haven't seen discussed yet is that some of those accounts may seem to be abandoned, when in reality they are still quite active. Inactive or abandoned accounts are classified as such because the owner has not logged in for X amount of time. That classification does not take into consideration accounts that are used as "spam dumps." I know quite a few people who use their Yahoo and Hotmail accounts in this way because they may encounter a page that requires an email for registration and do not want their primary, or work, emails to be swamped with the inevitable flood of spam once their address is sold to some marketing firm. I know Yahoo used to call if your account was inactive for over a year but I am not sure if they, or anyone else, still do. Another perplexing question is how can they possibly ensure that the spam directed at the old user will not continue after they take over the abandoned accounts. Some of those damn things contain a disturbing amount of personal information, ranging from the user's name to their address. That would be an absolute, and extremely litigable, cluster. We'll see.