Yahoo: recycling user IDs isn’t a security risk
Yahoo has downplayed fears that recycling inactive user IDs could leave users exposed to hackers, saying only 7% percent of those IDs are tied to actual Yahoo email accounts.
Yahoo has said it would release user IDs that have been inactive for more than a year so that other people can claim them.
The company was pressed to defend the plan after critics warned that hackers who take control of inactive accounts could be able to assume the identities of the accounts’ previous owners, an issue that also hit Hotmail.
Criticism of Yahoo’s plan comes as fears over the security of personal information on the internet have been heightened by revelations of massive US government snooping and international online crime.
Yahoo has also faced widespread criticism for ongoing vulnerabilities in its email systems which allow hackers to hijack user accounts.
Can I tell you with 100% certainty that it’s absolutely impossible for anything to happen? No. But we’re going to extraordinary lengths to ensure that nothing bad happens to our users
Yahoo stressed that it’s put in place various safeguards, such as coordinating with other major web companies including Google and Amazon to minimise the risk of identity theft.
The possibility of identity theft is “something we are aware of and we’ve gone through a bunch of different steps to mitigate that concern,” said Dylan Casey, a senior director for consumer platforms. “We put a lot of thought, a lot of resources dedicated to this project.”
Critics say hackers could claim inactive accounts for identity theft. If a Yahoo email is associated with a Google account, for instance, an identity thief with access to the Yahoo email account could use it to reset the Google account password and assume control.
But Casey said that the vast majority of inactive accounts were more limited, used for services such as Yahoo’s Fantasy Sports that are not tied to an email address and therefore not susceptible to identity theft.
Yahoo will also unsubscribe its inactive email accounts from mailing lists so that their new owners will not receive unwanted mail, Casey said.
“Can I tell you with 100% certainty that it’s absolutely impossible for anything to happen? No. But we’re going to extraordinary lengths to ensure that nothing bad happens to our users,” said Casey.
Since the company announced its plans on 12 June, users have 30 days to claim their inactive accounts before they are released, Yahoo said.