Yahoo Mail addresses that have been recycled and reassigned to new users are still receiving emails intended for the original owners, according to Sophos.
The Internet giant announced in June this year it was going to recycle inactive addresses, and a month later created a watchlist that allowed users to monitor up to five Yahoo IDs and to receive a notification when they became available.
Users were charged $1.99 for the service, but security concerns raised at the time were dismissed by Yahoo who promised there would be a 30 day period between deactivation and recycling, during which it would alert senders that the mail account no longer existed, unsubscribe users to commercial email lists and send notifications to important addresses such as banks.
However, the first batch of new owners are still claiming they receive sensitive information such as passwords and personally identifiable information, with one user saying he had access to the former owner’s Facebook account and knew the last four digits of their social security number.
Yahoo told TechWeekEurope it had taken a number of steps to ensure the transfer of email addresses was handled securely. It said the accounts it recycled hadn’t been used in more than a year and it made a number of attempts to warn the affected user. It then deleted all private data from the account and sent the aforementioned measures to prevent emails intended for the previous user from reaching the new user’s inbox.
“We also collaborated with email service providers, merchants and other large email senders so they were aware of this effort, and worked extensively to get the word out directly to our users,” said a company spokesperson. “Additionally, we’re in the process of rolling out a feature in Yahoo Mail called ‘Not My Email’ where users can report that an email is not intended for them. We continue to look for ways to protect our users.”
Yahoo is currently enjoying a minor renaissance under CEO Marissa Mayer, who has grown traffic to around 800 million monthly users and received more unique visitors than any other US-based company during July.
How much do you know about Yahoo? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
I had an experience 3 weeks ago relating to this. I had to recover access to a Yahoo mail account which had lapsed (originally part of BT Broadband). I gave over the security details and although the Customer Service agent confirmed they were wrong, because I had the correct email address, I was given access to the account and realised it was not an account I recognised.
BT did not worry that they had locked an innocent user out of their account, or indeed that they breached data protection by allowing me access to the email account even thoguh the security and even the name did not match their records.
i have a problem with my yahoo!mail since two weeks i didn't access into my acount
i am very happy with my yahoo!acount but this last time i had a problem to access into it because i have many mails from friends but ididn't access to read them
What!s Yahoo mail?
I have been waiting for my password from yahoo no one sent me temporary pass ward yet , I am very unhappy and very upsetting . More than two weeks . C'mon you kidding me bad busyness