Yahoo ID recycling could lead to trouble
Posted on 20 June 2013.
Yahoo has announced that on July 15th, any Yahoo email account / Yahoo ID that hasn't been logged into for over a year will be "freed up" and can be snapped up by another user.

While the plan has obvious advantages for Yahoo, it could be a big, big problem for users who have associated their Yahoo email address with other online services but haven't, for one reason or another, accessed that particular email account for a year or more.

In fact, a similar scheme by Microsoft concerning Hotmail email accounts has been proven dangerous by researchers from Rutgers University in Newark, New Jersey, who demonstrated that "retired" accounts can be requested by attackers and used to hijack users' Facebook accounts.

By misusing password reset options and using clever social engineering, a new malicious owner of a Yahoo ID could ultimately effect a thorough hijacking of the previous user's online persona and access sensitive online accounts: social network accounts, but also those at PayPal and possibly even online banking accounts.

Commenters have almost universally condemned Yahoo's plan, and pointed out these potential problems. But Yahoo is "committed and confident" that they can pull this off without putting their users' data in jeopardy.

"It's important to note that the vast majority of these inactive Yahoo! IDs don't have a mailbox associated with them. Any personal data and private content associated with these accounts will be deleted and will not be accessible to the new account holder," the company stated for Wired.

"To ensure that these accounts are recycled safely and securely, we're doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we'll send bounce back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties."









COPYRIGHT 1998-2014 BY HELP NET SECURITY.