Yahoo have announced plans to ‘release’ inactive Yahoo IDs in order to allow users to register more memorable email addresses. This means that users could now register, for example, firstname.lastname@example.org instead of email@example.com, which sounds good in theory. In reality, it’s an incredibly badly thought-out idea.
In a recent Tumblr post, Yahoo announced that on July 15th it intends to “free up” email addresses which have been inactive for a year or more. The problem doesn’t lie with the fact that these accounts will be deactivated; it lies with the fact that these accounts are going to be made available to other people.
By mid-July, everyone will be invited to have a go at claiming the Yahoo ID they require. In mid-August, users who staked a claim on an ID can go to Yahoo to find out which one they received.
On paper, it seems like a great way to get people to log on again, as well as converting new users to Yahoo. The stumbling block is this: people will be able to claim deactivated IDs and use them to take over the identities of other people via password resets and other means.
Put simply: Person A might use a Yahoo email address solely as a backup for their Gmail account, and will rarely log into it. Person B could then activate Person A’s old Yahoo email address and, because password resets for the Gmail account go to that backup address, gain access to their Gmail account. This chain of events can then lead to Person B taking over Person A’s social media accounts and online banking, among others.
Finding inactive addresses is literally child’s play. It would be easy to find, for example, a dormant account on the image sharing site Flickr which previously required a Yahoo email address.
Ultimately, unless Yahoo has an in-depth rethink of its policy, this could potentially lead to a data mining gold-rush in July, which is not good by any account.
What’s your opinion?