Allison here. We’ve recently discussed the June 2013 Yahoo! announcement indicating that the company would be recycling old email addresses, allowing users to pick them up if they wanted something simpler i.e. janedoe instead of janedoe34732. This program launched within the past several weeks, and a few users have received emails intended for the previous owner, and these emails emails contain personally identifiable information that put these previous owners at risk for identity theft. However, when Yahoo! first announced this program, they reassured users that it would not compromise their personal information or lead to ID theft.

What Yahoo! Is Doing About the Problem

IT security professional Tom Jenkins picked up one of these old email addresses, and within days, had access to the previous user’s Pandora and Facebook accounts. He knows this person’s name, address, and phone number, as well as the last four digits of their Social Security number. Web developer Scott Newman received court information, airline confirmation details, and even a funeral announcement, all intended for the previous owner. Even though these two men are honest about the information they are receiving, others might not be so kind, and it’s obvious how much identity theft risk exists here.

Yahoo! is aware of the problem and is rolling out a Not My Email button to let users of the recycled emails alert the company that they are receiving messages intended for the previous user. It’s better than nothing, but it doesn’t go all the way to mitigate the ID theft risk. If you have a Yahoo! email, the best thing to do is to log in every six months so it doesn’t get recycled and given to someone else. If you have a username that has been recycled, then it might be best to watch your credit reports and accounts for suspicious behavior. Not everyone is going to be nice and ignore the possible treasure trove of info.