Yahoo has moved to reassure users that its plans to free up inactive accounts will not expose users to potential security issues. Wired's Mat Honan — who himself fell victim to a multipronged attack by hackers last year — warned that the recycling of user IDs may allow attackers to claim old accounts and assume a person's online identity using password resets. In response, Yahoo says that while the majority of inactive Yahoo IDs do not have a mailbox associated with them, it is taking a number of steps to ensure that does not happen.
"Accounts that have been inactive for 12 months will be affected."
The company plans to introduce a 30-day period between an account deactivation and its subsequent recycling. During that time, emails received in the account will be met with a response that the account no longer exists. Yahoo says it will also unsubscribe inactive accounts from "commercial emails such as newsletters and email alerts" and notify "merchants, e-commerce sites, financial institutions, social networks, email providers, and other online properties" that the account will soon be recycled. This passes some of the responsibility to online providers, which may now be forced to set up safeguards to protect Yahoo accounts from being misused.
"Can I tell you with 100 percent certainty that it's absolutely impossible for anything to happen? No. But we're going to extraordinary lengths to ensure that nothing bad happens to our users," Yahoo director Dylan Casey told Reuters. Users can reserve their new username from July 15th but only if the account they wish to reclaim has been inactive for more than 12 months. Yahoo will notify users in August if their registration is successful.