Skip to main content

Yahoo 'recycling' old e-mail, raising security concerns

Doug Gross, CNN
The Yahoo logo is displayed on a flag flying at the company's headquarters in Sunnyvale, California, on April 16, 2013.
The Yahoo logo is displayed on a flag flying at the company's headquarters in Sunnyvale, California, on April 16, 2013.
STORY HIGHLIGHTS
  • Yahoo will "recycle" dormant account names and e-mail addresses
  • The move is meant to free up attractive IDs for active users
  • Security experts fear this could jeopardize privacy
  • Yahoo is "committed and confident" the transition will be safe

(CNN) -- Yahoo has announced a plan to "recycle" old e-mail addresses, a move meant to free up accounts for folks who want them but that has sparked privacy concerns.

In a blog post, senior vice president Jay Rossiter announced that Yahoo e-mail accounts that have been dormant for more than a year will be reset so that active users can have access to them.

"If you're like me, you want a Yahoo! ID that's short, sweet, and memorable like albert@yahoo.com instead of albert9330399@yahoo.com," he wrote.

The one-year period will officially begin July 15, when users can "claim" a dormant account name. They'll find out in mid-August if they got the account they wanted.

Behind Yahoo's Tumblr gamble
Yahoo extends maternity leave

It's clearly an effort by Yahoo, which has been working to redefine and rejuvenate itself under new CEO Marissa Mayer, to re-engage older users and reward active ones. But it has security experts nervous.

Read: How Marissa Mayer is remaking Yahoo as an Internet portal

Security analyst Graham Cluley doesn't mince words.

"In short: as an idea it sucks, and it shows Yahoo's lack of respect to customers who created accounts with them in years gone by," Cluley wrote Wednesday.

Cluley lists several scenarios where the plan could backfire. They include situations in which a user has another primary e-mail account, but has given their Yahoo address as a backup in case of security situations, lost passwords and the like.

He said the move appears to be "an underhanded way to get people to re-engage with the site" and that people who may not actively use their Yahoo mail, but use it to store old messages and other documents, could lose them without ever realizing it.

Mat Honan of CNN content partner Wired, himself the recent victim of a high-profile hack, called the move "a spectacularly bad idea."

In the wake of such complaints, Yahoo released a followup statement saying it's sure the transition can be made without compromising security.

"We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data," the company said.

The vast majority of inactive Yahoo IDs don't have a mailbox associated with them, the company said, and any personal data associated with the accounts will be deleted.

During a 30-day deactivation period, bounce-back e-mails will alert senders that the deactivated account no longer exists and Yahoo will unsubscribe those accounts from newsletters, commercial e-mail alerts and the like.

Businesses, financial institutions, social networks and other e-mail providers will be sent notifications about e-mail addresses that have been deactivated.

See also: Behind Yahoo's Tumblr gamble

ADVERTISEMENT
ADVERTISEMENT