Security Vet: Yahoo’s Email ‘Scheme’ Was ‘Downright Reckless’

Yahoo continues to come under fire over its recycling of old email addresses and user IDs. Back in June, the company announced its plans to give old, inactive IDs to current users who wanted better email addresses.

Immediately, the plan drew a fair amount of criticism from security experts and journalists, including the guy from Wired who was famously hacked last year. Back then, well-known security expert Graham Cluley, who has worked for security giants like McAfee and Sophos, called Yahoo’s plan “moronic,” and told WebProNews, “they should throw the idea away in the trash can where it belongs.”

Last week, InformationWeek put out a story sharing quotes from users of the recycled email addresses who were getting other people’s email with sensitive information. Yahoo acknowledged that it had been happening to some users, and in response, launched a “Not My Mail” button (pictured) so that those getting other people’s emails could notify Yahoo and fix the problem. Of course, that relies on the user to be honorable enough to use it, and not to exploit the sensitive info they’re getting.

Cluley has taken to his personal blog again to bash Yahoo’s strategy.

“The truth is that this button doesn’t deal with the fundamental security problem with what Yahoo did,” writes Cluley. “The fact that Yahoo has had to roll out this new button says to me that it knows it has failed to deliver this initiative ‘in a way that’s safe, secure and protects [its] users’ data.’”

“None of this would have happened if Yahoo hadn’t initiated the reckless, harebrained scheme in the first place,” he adds. “They should be ashamed of this fundamentally flawed scheme which is not just half-baked, but downright reckless.”

According to Yahoo, only a small number of users have complained about getting other people’s email, but again, are the ones likely to exploit these emails going to let the company know about it?

Image via TechCrunch

  • jack peters

    This happened to me. They deleted my account and then someone else took the ID… Even though I was active. (Once a week)
    What’s worse is Yahoo did nothing about it.

  • http://myyahoo.com tareqali

    I am feeling delighted.

  • Mel

    This happened to me too. They “recycled” my account and I no longer had any control over it. I then started receiving daily Yahoo search alerts to the alternate email address associated with the email account! I could not stop this, of course, because I couldn’t log into my Yahoo account. I tried for several months to resolve this with Yahoo “support” to no avail, other than to verify that indeed a breach had occurred. Absolutely maddening.