Recycled Yahoo addresses and PII leaks

Infoweek interviewed a number of people who acquired new Yahoo addresses during Yahoo’s address recycling and reuse process. It seems that at least for some small percentage of former Yahoo users, there is a major risk of information going to the wrong people.

I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding […]

I still don’t think this address recycling will cause delivery problems. Some senders may see an increase in “this is spam” hits from new account holders, but as long as they remove addresses and stop mailing people that shouldn’t cause delivery issues over the long term.
I still suggest that companies using email addresses as account “keys” should understand the implications of an email account (Yahoo or otherwise) being recycled. This isn’t just a Yahoo issue, all ISPs recycle usernames. In this case, Yahoo just did it more publicly and in a shorter time frame than most ISPs do.
Using an email address as a key and failing to do any upkeep or data maintenance will result in PII leaked to third parties. Banks, social networks, online fora, mailing lists and websites should all have ways to address email address recycling, if only to protect user information. Yahoo may not have handled the address recycling process well, but that only means the companies using email addresses as keys need to have plans and processes in place to verify the addresses in use.

Does mail volume contribute to blocking?
Yahoo trying to cope with misdirected email

Related Posts

Yahoo releases user names

According to TechCrunch, Yahoo has started notifying people if their desired username is available. For users who asked for names that aren’t available now, Yahoo has a solution. They will be keeping wishlists for users for the next 3 years. If those usernames are abandoned and expire, Yahoo will notify people by email.
Any sender using email as an account key (either for resetting passwords or granting access) should be careful about releasing accounts to Yahoo users. Yahoo has established a new header type (Require-recipient-valid-since, currently going through the IETF standards process) to minimize the chance that the wrong people get access to other accounts tied to a recycled mailbox.
For those of us who didn’t put in some addresses we, too, can create username wishlists, we’re just going to pay $1.99 for the privilege.

Read More

Delivery implications of Yahoo releasing usernames

Yahoo announced a few weeks ago it would be releasing account names back into the general pool. This, understandably, caused a lot of concern among marketers about how this would affect email delivery at Yahoo. I had the opportunity to talk with a Yahoo employee last week, and ask some questions about how this might affect delivery.
Q: How many email addresses are affected?

Read More

No expectation of privacy, says Google

I spent yesterday afternoon in Judge Koh’s courtroom listening to arguments on whether or not the class action suit against Google based on their scanning of emails for advertising purposes can go forward. This is the case that made news a few weeks ago because Google stated in their brief that users have “no expectation of privacy” in using online services.
That does appear to be what Google is actually saying, based on the arguments by attorney Whitty Somvichian. He made it clear that Google considers everything that passes through their servers, including the content of emails, covered under “information provided to Google” in the privacy policy. Google is arguing that they can read, scan, and use that content to display ads and anything else they consider to be in the normal course of business.
I have pages and pages of notes but I have some paying work to finish before I can focus on writing up the case. There were multiple reporters and bloggers in the courtroom, but I’ve not found many article. Some I’ve found are:

Read More