Yahoo!’s policy of recycling inactive email accounts has backfired on them, as new account owners are receiving personal emails that aren’t meant for them.
The policy, active since June, means that Yahoo IDs and addresses are reassigned to a new user if left inactive for a year or more. But obviously both Yahoo! and some of its users got more than they bargained for.
The emails have been reported to contain highly sensitive information. As a result, privacy experts have been called in, in order to solve the problem quickly and without further incident.
According to a Yahoo! Spokesperson, “Before recycling inactive accounts we attempted to reach the account owners [in] multiple ways to notify them that they needed to log in to their account or it would be subject to recycling,” The spokesperson went on to say that, “We took many precautions to ensure this was done safely – including deleting any private data from the previous account owner, sending bounce-backs to the senders for at least 30-60 days letting them know the account no longer existed and unsubscribing the accounts from commercial mail.”
Interviewed by BBC News, Tom Jenkins, an IT security professional and recipient of such an account, revealed just how damaging this malfunction could potentially be, “I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school. I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding.”
As much as Yahoo
! has responded swiftly to this scandal, critics who have slated the initiative from the beginning are now finding themselves vindicated. Mike Rispoli of Privacy International said, “These problems were flagged by security and privacy experts a few months ago when Yahoo announced their intention to recycle old emails, and cautioned that Yahoo’s plan created significant security and privacy risks. Yahoo downplayed these risks, and ignored critics, but now we see these concerns were legitimate,”
Mr. Rispoli went on to say that, “This email recycling scheme, an effort to re-engage old users and attract new ones, is resulting in some of our most intimate data being accessed by someone we don’t know and without our knowledge (…) We’re talking about account passwords, contacts for friends and families, medical records – this issue needs to be addressed immediately by Yahoo if they care about the privacy of their users and want them to trust the company with sensitive information.”
Our experts say that the best way to avoid this fate is actually to cancel any email account that is not currently in at least semi-regular use, having first deleted all content from the account.
Yahoo! Becomes ‘Yikes!’ as Recycled Accounts Relay Sensitive Information to the Wrong People