Yahoo’s Recycled Emails Pave the Way for Identity Theft

A few months back Yahoo reclaimed inactive email accounts and then gave them out to new users in August. In the weeks since the roll-out, Yahoo has been on damage control and trying to smooth the transition as much as possible.

InformationWeek reported earlier this week that Yahoo’s biggest fear with the transition has been realized. Within a day of getting the new accounts, people started receiving emails intended for the previous owners. While the accounts may have been inactive for 12 months, that doesn’t mean the original owners had forgotten about then. They were most likely dumping grounds for promotions and junk.

shutterstock_121661878Most people have one or two email addresses that they give out when they need to sign up for something. They might want to comment on an article but don’t want to give out an email address or receive emails from the brand.

So many companies require log-ins today that it’s almost impossible to remember to change everything when you transition emails. Remember that one blog post you commented on two years ago that you had to submit your email address for? Well, that back-up Yahoo email address has been receiving promos from that blog for the past 24 months.

The problem, however, isn’t just that the new email owners are filtering through unwanted promotions. The problem is that they’re getting important security information and confidential emails from banks and government organizations.

People have received wedding invitations, airline confirmations, romantic propositions, funeral announcements and court information.

The interviewees in the Informationweek article said it would be incredibly easy to steal someone’s identity from all of the knowledge they’ve acquired from the previous email occupant. They know everything from where the user’s children go to school to their address to their birthday and last four digits of their social security number. The tech experts interviewed might not want to commit identity theft, but others might.

shutterstock_91511927In response to the sheer number of emails and private information getting shared with the wrong people, TechCrunch reported that Yahoo is creating a “Not My Email” button that returns messages meant for the previous party.

Yahoo claims that they had implemented a 30-60 day bounce back period where all messages were bounced so the senders would know that the email address was invalid. The problem is that mail systems are mostly run by software that might not respond to a bounce and remove the email from the list.

Users with newly adopted email accounts might be in for an uphill battle when it comes to rejecting messages. The TechCrunch article explained that most of the emails are common first names that were picked when the mail service was still new. Matt@, Bethany@, etc. These are also the types of emails that people are likely to give out when stores and blogs ask them to sign up. Someone named Andrew Smith might give out Andrew@yahoo just to satisfy a store clerk, which means Andrew McGee who actually owns that email will start receiving coupons and promos.

Does all of this make you wish you had one of Yahoo’s recycled emails yet? More importantly, will Yahoo be held accountable if someone has their identity stolen because of this program?