In June, Yahoo announced that Yahoo addresses and IDs that have been inactive for more than a year would be reassigned. But the one thing the internet giant wasn’t counting on was that personal emails from previous owners would still continue showing up in the new owner’s inbox.
While common emails from marketing accounts and social networking websites didn’t pose that much of a security threat, some users revealed that they received emails with bank account details, PIN numbers, social security numbers and more.
Experts on privacy are now calling on Yahoo to rectify the issue immediately, and Yahoo has said it has embarked on measures to ensure privacy and allay security fears.
According to Mike Rispoli, spokesman for Privacy International “This email recycling scheme, an effort to re-engage old users and attract new ones, is resulting in some of our most intimate data being accessed by someone we don’t know and without our knowledge.”
A Yahoo representative, however, said “Before recycling inactive accounts we attempted to reach the account owners [in] multiple ways to notify them that they needed to log in to their account or it would be subject to recycling,”
He further added that “”We took many precautions to ensure this was done safely – including deleting any private data from the previous account owner, sending bounce-backs to the senders for at least 30-60 days letting them know the account no longer existed and unsubscribing the accounts from commercial mail.”
Yahoo also plans to include a process known as the “Not My Email”, useful for people who are receiving emails not intended for them, though experts are wondering if this move is sufficient to protect past users from privacy infringement.