What Happens to Inactive Email Accounts?

Category: Email

If you have an email account that you've not logged into for quite a while, it could go poof, and possibly be re-assigned to someone else. That might make sense, but the way that Yahoo is handling their recent announcement about inactive accounts has some people shaking their heads in disbelief. Find out why hackers and scammers are rejoicing, and what this means for you...

Is Yahoo Going to Recycle Your Username?

On June 12, 2013, Yahoo announced plans to recycle Yahoo IDs whose users have not logged in for over a year. The reclaimed IDs will be made available for newcomers to register on July 15. This housecleaning should be no big deal, but Yahoo handled its announcement so poorly that it’s created unnecessary alarm and criticism based upon unfounded speculation. The result has been a gigantic public relations backfire for Yahoo.

Mat Damon, a Wired Magazine writer who’s been traumatized by ID theft, immediately hit the panic button. He wrote, in part:

“It means that people will be able to claim Yahoo IDs and use them to take over other people’s identities via password resets and other methods. For example, someone who uses a Yahoo email address solely as a backup for Gmail, and thus hasn’t logged into it for a long time, would be vulnerable to having that address taken over by a malicious individual who only wanted to ultimately get into the active Gmail address. You can see a chain of events where that could lead to taking over online banking accounts, social media accounts and the like.”

Yahoo Recycling Inactive Accounts

Note that Damon assumed a Yahoo ID is a Yahoo email address. In fact, a Yahoo ID can be any username, without the domain "@yahoo.com" attached. In a response to Damon and other critics, Yahoo revealed that only 7 per cent of Yahoo IDs have a Yahoo email address associated with them. Yahoo also explained some extraordinary steps it is taking to reduce the possibility of exploits such as Damon vaguely describes, and some that he didn’t; that statement reads in part:

“Any personal data and private content associated with these accounts will be deleted and will not be accessible to the new account holder. To ensure that these accounts are recycled safely and securely, we’re doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we’ll send bounce back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties.”

Yahoo might have avoided a lot of backlash by explaining all of the above in its first announcement; instead, the company hyped only the positive (“Hey, you can get a shorter, catchier Yahoo ID!”) and failed to address obvious questions like, “What happens to my stuff?” That was dumb.

The followup explanation only gave security wonks more ammunition after they were put in the mood to take shots at Yahoo. The company will never be able to contact all of the firms that may have a user’s email address, they say. They say that if Yahoo gives to “hundreds of millions” of third parties a list of Yahoo email addresses that are vulnerable to exploitation, what are the odds that someone with nefarious intent will get that handy list?

The Too-Nice Landlord

Yahoo’s third mistake was to assume this massive responsibility for protecting inactive users. That’s far above and beyond the call of duty, and a source of potential liability.

Imagine yourself abandoning a rented home, providing no notice to your landlord, paying no rent for a year, leaving all your stuff behind, and failing to file a change-of-address notice with any of your correspondents. What is the landlord’s duty to you? None; he can throw away your abandoned stuff and any new stuff that arrives in the future. He doesn’t even have to write “return to sender” on mail and hand it to a postman.

But if your landlord states in writing that he will file change-of-address forms for you, he’s potentially liable for failure to file even one if that failure results in damages to you. That’s why you will never get such an offer from a landlord with an ounce of brains!

How Do Other Email Providers Handle Inactive Accounts?

Other email and Web service providers have policies that allow them to reclaim inactive accounts. Microsoft claims the right to deactivate accounts after 270 days of inactivity. Google gives you nine months, effectively the same as Microsoft. AOL will deactivate accounts after just 90 days of inactivity. You then have a 30-day grace period, after which AOL will delete all your stored messages, photos, etc.

None of them make any promises to protect you against the potential consequences of account deactivation. They don’t publicly announce plans to deactivate accounts. It’s just quietly done on a case by case basis (if it’s done at all).

If you haven’t logged in to your Yahoo account in over a year, do so before July 15 and it will remain active. That said, Yahoo may be failing to let inactive account holders reactivate. Upon reading of this recycling plan, I went to Yahoo.com and tried to log in by guessing my ID and password. It appeared that I guessed correctly.

“We need additional information in order to reactivate your account,” the next page said. So I answered some simple security questions. The response was,

“Success! We are initiating the process of reactivating your account…” That’s not my idea of “success” in reactivating my account; more like, “We’re working towards success.”

Now, more than a week later, I still cannot log in to Yahoo using the ID and password that I guessed and Yahoo apparently confirmed were valid. I get, “Invalid ID or password.” But apparently my ID is registered with Yahoo. A variation of it yields a different message: “That ID is not yet taken.” So is the “invalid” ID mine, or is it someone else’s with a different password?

Oh, well; I can’t even remember why I got a Yahoo ID, if I did. I can’t see why I would want one now. The company seems to be a total shambles. Marissa Mayer, Yahoo’s new CEO, may be missing her old job at Google.

Got something to say about this topic? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 25 Jun 2013

For Fun: Buy Bob a Snickers.

Prev Article:
SnapChat and Your Personal Privacy

The Top Twenty
Next Article:
Geekly Update - 26 June 2013

Most recent comments on "What Happens to Inactive Email Accounts?"

Posted by:

25 Jun 2013

Maybe you got a Yahoo ID for Flickr? (That's why I got mine.)

Posted by:

25 Jun 2013

Ha! Well....those of us using AT&T as our ISP are well acquainted with Yahoo and its terribly managed E-Mail service. It always has been a nightmare for us and continues to be so....especially with recent "non-optional" updates put into effect. Never gets better.....just worse. Almost bad enough to persuade us to drop AT&T and switch to another provider. Using another client does not help because everything still has to come through Yahoo. At least that's been our experience.

Posted by:

25 Jun 2013

I have two yahoo id's. The main one is for my Verizon email account Verizon providesw two types, their basic one or one associated with yahoo (my-id@verizon.net - server - yahoo.verizon.net). The yahoo id
my-name@yahoo.com is used for my Yahoo Groups, but also links back to the email one.

Posted by:

25 Jun 2013

I assume that opening my Yahoo email inbox counts as "logging on," as is going to a Yahoo Group where I'm a member.

If not, what should I do in addition?

Posted by:

25 Jun 2013

I have had a yahoo account for many years. There is no customer service at all. I have so many contacts that it would be impossible to change at this point. I also have T-Mobile and I can’t get it to work on the android phone either. G-Mail has it problems also but I guess we’re all stuck with what we have.

Posted by:

25 Jun 2013

Bob, do you know if they have gotten rid of their Random Answer Generator yet? That might be the cause of many of their current problems. If only they'd update their answers and reasons the probability of getting it right would be FAR closer to to 0 that where it sits now.

As an aside, Wiki says they have (as of Dec. 2012) 281 million users, 7% of that is about 20 million users (presume Yahoo ID's). I'd say their Random Answer generator is NOT working out very well for them. Maybe if they moved to a comptuer from the large spinning wheel they must be using using now . . . . .

Posted by:

25 Jun 2013

It would be nice if Yahoo ever answered questions on log in problems, I have asked the same question for over 2 years. How to log in when I see no "CAPTIVIA" information when trying to recover my password.
I have to log in with my Google account to sign in.
I can't even create a new account as I have the same problem, "NO CAPTIVIA" if thy could answer that questions or post it in their "FAQ's" It would help but 2 years is stupid.

Posted by:

Brian S.
26 Jun 2013

I have a bone to pick with Yahoo. For the past two weeks their Yahoo Mail Classic has not been working. I get unwillingly redirected to the "New and improved" Yahoo Mail which bites. Does anybody know a way to get back to Classic Mail?

Posted by:

26 Jun 2013

I have a Yahoo account because I'm a member of several groups that use Yahoo for postings. I never use my Yahoo email. In fact, when I try to change my email to a different email (eg gmail), it refuses to allow me to do so. I have two other emails as "back up" email accounts, but Yahoo keeps my yahoo email & Yahoo "identity" the same.

Posted by:

26 Jun 2013

My son was killed three years ago. He had a Yahoo account. I didn't know the password but wanted access to his account since his PayPal went through that account and I wanted to notify people he corresponded with that he was gone. At first, they were agreeable and told me all of the information I needed to send. After I sent it all, they informed me that I couldn't get into the account because I didn't know when he had last accessed it, couldn't answer his questions, etc. They said they would leave it open for a period of time, in case he wanted to access it. REALLY?? I would never deal with Yahoo, although I am going to see if his ID is one that is available. Who knows, maybe I'll be able to get into his account finally!

Posted by:

Brother Tom
10 Jul 2013

J, you should contact a lawyer. Yahoo must have a policy of dealing with accounts when the holder dies. The executor or the lawyer should be able to do this.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- What Happens to Inactive Email Accounts? (Posted: 25 Jun 2013)
Source: https://askbobrankin.com/what_happens_to_inactive_email_accounts.html
Copyright © 2005 - Bob Rankin - All Rights Reserved