Watch out! Yahoo has a moronic plan to let someone steal your email address

Yahoo says that if you haven't logged into your Yahoo account for 12 months, and *don't* log in by July 15th, they're going to give other people the chance to grab it.

Yahoo announcement

What a terribly stupid idea.

Here are some scenarios which you may like to consider.

Scenario One

Imagine that years ago you created yourself a Yahoo address, registered some third-party web accounts using your new Yahoo address, but subsequently decided to use Gmail or Hotmail as your primary email account instead.

Maybe you haven't had any reason to log into Yahoo for quite a while..

So, what is going to happen when you forget the password for one of those third-party web accounts, and you ask it to send your registered email address a password reset/reminder?

Tough luck. Yahoo has given your email account to someone else, and potentially they might be able to get up to mischief with your other web account...

Scenario Two

What if you have used your old email address as an archive - you may not have needed it in the last year, but who's to say that you might not want to access some of its content (emails and photos from since-deceased relatives and the like) in the future?

Scenario Three

Alternative email addresses are good for security.

For instance, when websites ask "Give us an alternative email address in case we need to contact you another way".

Many websites ask you to supply them with alternative email addresses they can use to contact you should there be an emergency, or if you have been locked out of your account.

Bad luck if your alternative email address was a dusty old Yahoo account, and if Yahoo has long since handed it over to a complete stranger.

YahooOnce an email address has been registered that should be it. Finito.

You didn't get the email address you wanted? Tough luck - you should have moved faster in the gold rush. Yahoo doesn't know where its email addresses are being used elsewhere on the web - all it knows is if anyone has been actively logging into the account and sending emails from it.

There is a real risk that many people will *never* realise that the clock is ticking and that they could be about to lose control of their Yahoo ID.

Wouldn't it be a heck of a lot friendlier (but less commercially interesting to Yahoo) if the company asked people to *opt-in* to giving up their Yahoo ID for others? Of course, Yahoo knows it will have a lot fewer email addresses available to offer afresh if it does that.

Yes, this initiative will encourage some people to log back into their dormant Yahoo accounts and *maybe* they'll like what they see there... but it's an underhand way of getting people to re-engage with the site.

In short: as an idea it sucks, and it shows Yahoo's lack of respect to customers who created accounts with them in years gone by.

Further reading: Yahoo attempts (and fails) to defend its crazy email plan

Tags: , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Vanja Svajcer, and Carole Theriault.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Listen now

Subscribe to the free GCHQ newsletter

, ,

Leave a reply

9 Comments on "Watch out! Yahoo has a moronic plan to let someone steal your email address"

Notify of
Sort by:   newest | oldest | most voted
Mark Wintle

Seriously Yahoo, this totally undermines customers trust in a product. If I have a dozen email account and only use two that's my choice due to those two providers showing they were reliable and easy to use, if you change and exceed their qualities I'll use you more I'm not costing you money, you are not losing money and the bottom line is the only people who'll scramble for Yahoo email addresses that come up will ironically be spammers & scammers, and how will they register, with disposable email to grab legit addresses I'm guessing.


I don't see why this is yahoo's problem. I also don't understand why the author is picking on yahoo, hotmail does the same as do many other free providers. Provided they email every one of those accounts I don't see how it is any different to cancelling a prepay phone number that is not being used any longer (no one picking on phone companies reusing phone numbers).


"Thanks I just sent out a billion PASSWORD GRABBING emails out"
– BEWARE of phishing, don't login by clicking on an email
– log in by typing the yahoo address into the address bar

Samantha Dega
Samantha Dega

define use.
seriously yahoo! define use.


i dont see the security risk here! if they havent logged in a year, then clearly they have moved to a different better provider (i.e. google)