Recycled Yahoo addresses and PII leaks
Infoweek interviewed a number of people who acquired new Yahoo addresses during Yahoo’s address recycling and reuse process. It seems that at least for some small percentage of former Yahoo users, there is a major risk of information going to the wrong people.
I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding […]
I still don’t think this address recycling will cause delivery problems. Some senders may see an increase in “this is spam” hits from new account holders, but as long as they remove addresses and stop mailing people that shouldn’t cause delivery issues over the long term.
I still suggest that companies using email addresses as account “keys” should understand the implications of an email account (Yahoo or otherwise) being recycled. This isn’t just a Yahoo issue, all ISPs recycle usernames. In this case, Yahoo just did it more publicly and in a shorter time frame than most ISPs do.
Using an email address as a key and failing to do any upkeep or data maintenance will result in PII leaked to third parties. Banks, social networks, online fora, mailing lists and websites should all have ways to address email address recycling, if only to protect user information. Yahoo may not have handled the address recycling process well, but that only means the companies using email addresses as keys need to have plans and processes in place to verify the addresses in use.