Yahoo rejects ID hacker fears

Last updated 11:34 24/06/2013

Relevant offers

Digital Living

Creepy tech is bad for innovation Why it matters that Google Home can now identify you by voice The perils of unwanted emails The biggest time suck at the office might be your computer Jane Bowron: Change to landlines not good news for all Features you ought to know about your smartphone Sexting: A language our children must never learn How to shoot better photos with your phone Facebook envisions using brain waves to type words Kiwis still clinging on to old tech

Yahoo has downplayed concerns that its plans to recycle inactive user IDs could leave users exposed to hackers, saying only 7 per cent of those IDs are tied to actual Yahoo email accounts.

The internet company, which announced last week it would release user IDs that have been inactive for more than 12 months so that other people can claim them, was pressed to defend the plan after critics warned that hackers who take control of inactive accounts could also assume the identities of the accounts' previous owners.

Yahoo hopes the plan will spark fresh interest in its web products like Mail, where users prefer individualised user IDs often derived from common names. But criticism of the plan comes at a time when fears over the security of personal information on the internet have been heightened by revelations of massive US government snooping and international online crime.

Yahoo stressed that it has put in place various safeguards, such as coordinating with other major web companies including Google and Amazon to minimise the risk of identity theft.

The possibility of identity theft is "something we are aware of and we've gone through a bunch of different steps to mitigate that concern", said Dylan Casey, a senior director for consumer platforms. "We put a lot of thought, a lot of resources dedicated to this project."

Critics say hackers could claim inactive accounts for identity theft. If a Yahoo email is associated with a Google account, for instance, an identity thief with access to the Yahoo email account could use it to reset the Google account password and assume control.

Mat Honan, a Wired magazine writer who has previously written about being the victim of a devastating hacker attack, on Wednesday slammed Yahoo's plan as a "spectacularly bad idea".

"This is going to lead to a social engineering gold rush come mid-July," Honan wrote, referring to a hacker tactic of obtaining passwords by deceiving people rather than cracking codes.

But Casey said that the vast majority of inactive accounts were more limited, used for services such as Yahoo's Fantasy Sports that are not tied to an email address and therefore not susceptible to identity theft.

Yahoo will also unsubscribe its inactive email accounts from mailing lists so that their new owners will not receive unwanted mail, Casey said.

"Can I tell you with 100 per cent certainty that it's absolutely impossible for anything to happen? No. But we're going to extraordinary lengths to ensure that nothing bad happens to our users," Casey said.

Ad Feedback

Since the company announced its plans on June 12, users have 30 days to claim their inactive accounts before they are released, Yahoo said.

- Reuters


Special offers

Featured Promotions

Sponsored Content