Yahoo rejects fears hackers will exploit old user IDs
Yahoo downplayed concerns that its plans to recycle inactive user IDs could leave users exposed to hackers, saying only 7 per cent of those IDs are tied to actual Yahoo email accounts.
San Francisco: Yahoo Inc downplayed concerns that its plans to recycle inactive user IDs could leave users exposed to hackers, saying only 7 per cent of those IDs are tied to actual Yahoo email accounts.
The Internet company, which announced last week it would release user IDs that have been inactive for more than 12 months so that other people can claim them, was pressed to defend the plan after critics warned that hackers who take control of inactive accounts could also assume the identities of the accounts' previous owners.
Yahoo hopes the plan will spark fresh interest in its Web products like Mail, where users prefer individualized user IDs often derived from common names. But criticism of the plan comes at a time when fears over the security of personal information on the Internet have been heightened by revelations of massive US government snooping and international online crime.
Yahoo stressed that it has put in place various safeguards, such as coordinating with other major Web companies including Google Inc and Amazon Inc to minimize the risk of identity theft.
The possibility of identity theft is "something we are aware of and we've gone through a bunch of different steps to mitigate that concern," said Dylan Casey, a senior director for consumer platforms. "We put a lot of thought, a lot of resources dedicated to this project."
Critics say hackers could claim inactive accounts for identity theft. If a Yahoo email is associated with a Google account, for instance, an identity thief with access to the Yahoo email account could use it to reset the Google account password and assume control.
Mat Honan, a Wired magazine writer who has previously written about being the victim of a devastating hacker attack, on Wednesday slammed Yahoo's plan as a "spectacularly bad idea."
"This is going to lead to a social engineering gold rush come mid-July," Honan wrote, referring to hacker tactic of obtaining passwords by deceiving people rather than cracking codes.
But Casey said that the vast majority of inactive accounts were more limited, used for services such as Yahoo's Fantasy Sports that are not tied to an email address and therefore not susceptible to identity theft.
Yahoo will also unsubscribe its inactive email accounts from mailing lists so that their new owners will not receive unwanted mail, Casey said.
"Can I tell you with 100 percent certainty that it's absolutely impossible for anything to happen? No. But we're going to extraordinary lengths to ensure that nothing bad happens to our users," Casey said.
Since the company announced its plans on June 12, users have 30 days to claim their inactive accounts before they are released, Yahoo said.
- How Samajwadi Party Will Look Like it Splits
- Watch: Akhilesh vs Shivpal Figth Over Amar Singh
- SP Meet Turns into Family Drama, Akhilesh & Shivpal Spar In Public
- Samajwadi Party's Old Guard May Need Akhilesh's 'Youth Appeal' in 2017 Polls
- Madhur Bhandarkar Happy Over End of Protests Against ADHM
- Bigg Boss 10: Priyanka Jagga Is The First Contestant to Get Eliminated This Season
- I'm a Gujarati at Heart, Says President Pranab Mukherjee
- Don't Use 'His Excellency' Tag For Me, Says TN Guv Rao