Yahoo account recycling identity theft fears downplayed

Yahoo has dismissed fears of hacking and impersonation after it deactivates dormant user accounts, arguing that the risk of identity theft is incredibly low. The company announced last week that it would be culling those accounts not used for twelve months, prompting concerns that new sign-ups with recycled names could go on to "borrow" the personality of the old account owner. That, Yahoo tells Reuters, is something the company is "going to extraordinary lengths" to prevent.

"Can I tell you with 100-percent certainty that it's absolutely impossible for anything to happen? No," Dylan Casey, Yahoo's senior director for consumer platforms conceded. "But we're going to extraordinary lengths to ensure that nothing bad happens to our users."

Among the fears are concerns that the dormant accounts could be "safety" contacts, used as the emergency reset address for other services such as Gmail. There, users might have registered a Yahoo email as the point of contact in case their Google account is compromised.

Should that Yahoo account subsequently be deactivated and even handed over to someone else, there have been suggestions that those emergency reset messages could either not be received or, more dangerously, be received by the wrong person. That's before you get to cases where those signing up use to recycled names pretend to be the old user.

Yahoo points out that it will be notifying other services, such as Google and Amazon, of which accounts have been deactivated. It also aims to automatically unsubscribe the reused email addresses from mailing lists and marketing. "We've put a lot of thought, a lot of resources dedicated to this project" Casey insisted.

The first of the sweeps will occur on July 15, with Yahoo already notifying affected users that they have 30 days to log into their account and keep it active.