Skip to main content

Yahoo! Users Receiving Emails Meant for Past Users

Yahoo! announced plans to recycle unused user IDs back in June. Though the majority of those accounts weren't attached to Yahoo! email addresses, a small percentage of the recycled IDs were attached to emails, and those were the accounts people were most concerned about. The potential for identity theft was obvious and it's little surprise that new Yahoo! users are now receiving emails meant for other users.

Amazon said in June that it was working with major web companies (including Google and Amazon) to minimize the risk of identity theft and that it would unsubscribe accounts being readied for recycling from commercial emails (newsletters, alerts, etc.). The company also said it would send emails to financial institutions, social networks, email providers, and others, notifying them that the email address was about to be recycled. It also requested that users log into their account if they wanted to keep it.

MORE: America Not As Paranoid As Online Privacy Survey Suggests

However, now that new users are all set up with their recycled IDs (the recycling process saw IDs dished out in mid-August), no fewer than three people have told Information Week of how they possess a lot more than the user ID of an old Yahoo! user. One man reported receiving Facebook emails, as well as various messages from the older user's phone provider (which included their account number and a pin), emails regarding an investment account, and their Pandora account information.

"I can gain access to their Pandora account, but I won't. I can gain access to their Facebook account, but I won't. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor's appointment last week and I was just invited to their friend's wedding," IT security professional Tom Jenkins told Information Week. "The identity theft potential here is kind of crazy."

Jenkins isn't alone. Others have received everything from funeral announcements to airline confirmations, as well as more mundane (but still annoying) emails like newsletters and catalogs. Yahoo! told IW that it's received minimal complaints from users of these new, recycled IDs, but that it's continuing to work with companies to ensure they implement an RRVS email header in any correspondence. This would check the age of an account before delivering an email and cause messages sent to the recycled account to bounce.

TechCrunch reports that Yahoo! is also planning the introduction of a 'Not My Email' button that users can click when they receive an email meant for the former user (or anyone else). It also plans to reach out to users of old accounts by phone and email, extend the grace period for inactive accounts, and offer users a way to reclaim their old accounts.

Though Yahoo! is clearly working hard to mitigate the damage and reduce the risk of identity theft, anyone with an old Yahoo! account would be forgiven for feeling uneasy. It's not uncommon for folks to have an 'throwaway' email account that they use for things like newsletters or signing up for web services, and they probably don't log into those accounts very often. Now they have to worry about how many accounts are attached to that address. What's more, if someone else already has access, they need to cross their fingers that the new account holder is a decent human being and won't act on any of the new information before Yahoo! has time to rectify the situation.

Follow Jane McEntegart @JaneMcEntegart. Follow us @tomsguide, on Facebook and on Google+.

  • obiown77
    Have not logged into my yahoo account in years.... , that was until 5 minutes ago.
    Reply
  • thethirdrace
    I'm gonna tell you a secret but don't tell anybody...

    If you move and don't change your address, all your mail is gonna go to your old house!

    Even more impressing, the paper envelop won't be enough to guard your personal info from prying eyes!

    Glad I could enlighten you with this hidden knowledge...
    Reply
  • TeraMedia
    They should treat user IDs like retired basketball jerseys. Why exactly do they need to recycle these things?

    The fact that they do recycle... makes me want to make sure I don't ever transmit or receive that type of information via a web-hosted email account. Chalk up another goof-up for the cloud.
    Reply
  • Pherule
    This is why I switched to Gmail. Yahoo mail is simply not trustworthy. I had to rush to find all my old Yahoo passwords to quickly get my Yahoo accounts back under my control. I don't use them any more, but there's no way I'm going to allow someone else to hijack them.

    The CEO should be fired for allowing this disaster to happen in the first place.

    On top of that, Yahoo deletes your mail if it get to a certain age. This is simply unacceptable. Gmail never deletes my mails, no matter how old. So what if I have mails 7 years old. My mail provider is NOT allowed to delete them without my permission. Doing so will force me to jump ship.
    Reply
  • bebangs
    for the record, their yahoo sports page.suck!
    Reply
  • lordjakian
    What the heck is up with every article being littered with these "I make 71 dollars at home" comments/scams? Hey Tom, clean up your site!
    Reply
  • Shin-san
    This may explain why I've been getting a lot of spam from Yahoo lately
    Reply