Should You Recycle Your Yahoo ID?

Posted by on Oct 3, 2013

yahoo.com Passwords

Image from yahoo.com


Have you ever thought of changing your Yahoo ID to something short, simple, and easy to remember? If yes, then you have the option of doing so with Yahoo’s new move of recycling dormant Yahoo IDs, and assigning them to active users. In mid June, Yahoo announced that the User IDs that are inactive for over a year would be reassigned to current users. Yahoo will alert the dormant account holders to login in to their accounts within 48 hours if they want to keep them or else their accounts will be recycled and up for grabs. Yahoo also opened up a wish list for current users to name their top five choices of usernames, and if one of those user IDs was available then Yahoo would contact them and send instructions to claim that ID.

Unfortunately this email-recycling scheme of reengaging old users and rewarding active ones is not as easy and cut-and-dry as it looks. There are a lot of security surprises hidden for you in this move of Yahoo. Some of the users who had received recycled IDs say they have received emails intended for the original account holder. Those emails contain all kinds of information starting from marketing emails to emails containing personal information like social security number and credit card details.


Identity theft will recycled Yahoo IDs.

Recycled Yahoo IDs can promote identity theft. Image from spideroak.com


In an interview given to InformationWeek, Tom Jenkins, an IT security professional who has received a recycled ID says  “I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s weddings. The identity theft potential here is kind of crazy.”

Several security researchers and data privacy advocates have opposed Yahoo’s move, saying reassigning IDs can be extremely critical to the privacy and security of user data. There might be a potential risk of identity theft during this process. In response to the concerns of security experts, Yahoo says it has taken proper precautionary measures before assigning the old IDs and is confident of safeguarding user data during this process. These are some the steps Yahoo has taken in order to protect the privacy of its account holders.

  •  As per Yahoo, they have attempted to contact inactive account holders in multiple ways to log on to their accounts, or else their account will recycled.
  • Private data from previous accounts were deleted and bounce-back e-mails were sent to the senders for 30-60 days to let them know that the account does not exist and to unsubscribe from the commercial mailing list.
  • Yahoo is also working on a new feature called “ Not My Email”, where users report an email that is not intended for them.
  • Yahoo will take proper security measures to ensure that emails of previous account holders remain private.
Not My Email

Not My Email: Image from spideroak.com


Protect your Yahoo account

 As a user you can also protect your account by:

  • Logging on to your account from time to time If you do not want your account to become inactive and then later recycled as per Yahoo’s new policy
  • If you want to relinquish your account then make sure your personal stuff or subscriptions are not directed to that account. For example, most online accounts needs your email address to reset the password. They end up sending the new password or activation link to the email address on file. Make sure that you update your email address for all your online accounts.

On contrary to Yahoo, Google offers an interesting feature called “Inactive Account Manager” to manage the inactive accounts effectively. You can tell Google what to do with your Gmail messages and data from other Google services if your account becomes inactive. Google offers two options to deal with your inactive account – it will alert you to delete your account after three, six, nine or 12 months of inactivity or ask you to select trusted contacts to receive some or all of your data from the following services: 1s; Blogger; Contacts and Circles; Drive; Gmail; Google+ Profiles, Pages and Streams; Picasa Web Albums; Google Voice and YouTube. Before taking any action on your account Google will warn you by sending a text message to your cellphone and emailing to the secondary address you have provided.

Image from google.com

Image from google.com


Secure your Emails with SpiderOak

 Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Interested in SpiderOak Products?

SpiderOak carved its niche as the top choice for those most concerned with privacy.

The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment.

SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end-user has the ownership of data and is the only one with the keys to unlock and look at plaintext data. You can signup for this product now. SpiderOak Blue works seamlessly in your enterprise environment. To resolve authentication it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible in Mac, Windows, Linux, iOS and Android platforms. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to blueinfo@spideroak.com and we will get back to you soon.


Leave a Reply