Yahoo users in possession of a recycled ID are reporting that they’re receiving emails meant for previous owners—some that include sensitive information. According to a report from InformationWeek, the issue began after spam emails started flooding in, but people soon started to notice some of those emails contained account information, confirmation for appointments, and more. Basically, everything you wouldn’t want someone to see, they’re now seeing.
CNET surmises the old owners must be using their Yahoo ID without realizing they no longer have access to it. If that’s the case, the onus is on previous owners, but highlights that maybe recycling older IDs wasn’t such a good idea in the first place. Yahoo hasn’t yet come up with a solution, but did tell InformationWeek it takes users privacy very seriously, and only a “very small number” of users has been affected. The only immediate solution is for other companies to verify accounts by adding a date-specific marker.
Old Yahoo IDs started to be put back into circulation just last month—any ID that hadn’t been logged in for more than a year was considered inactive, and therefore up for grabs. Once Yahoo did announced its plan to recycle old accounts, a representative of the online company told CNET its methods were “very foolproof.” Obviously not foolproof enough.
According to one IT security professional, Tom Jenkins, the potential for identity theft is nearly limitless. “I can gain access to their Facebook account… I can gain access to their Pandora account… I know their name, address and phone number.” And so on. Not exactly a comforting thought. If you or someone you know previously had a Yahoo ID that is now inactive, you better disassociate that with any important accounts you currently link it to—you wouldn’t want any information falling into the wrong hands.