Last week, Yahoo announced that it plans to free up thousands of apparently ‘inactive’ email accounts so other Yahoo users and prospective new ones would have a chance at grabbing a user name that’s more personalized. The idea is simple enough – rather than being forced to sign up as John_Smith00730097989834@yahoo.com, you could just use John_Smith@Yahoo.com.

Before you panic, Yahoo only plans to free up those accounts that have been inactive for a year.  If you have a dormant Yahoo mail account and don’t want to part with it just yet, make sure to log in before July 15, 2013 to prevent Yahoo from reclaiming it and letting others use it.

Sounds Good, But There’s a Problem…

SiliconANGLE’s Mike Wheatley was quick to point out that this is a bad idea as it could compromise someones other online accounts.  A freed up Yahoo mail account may have once been assigned as a backup for someone’s Gmail, or it may have been used to sign up for social networks such as Facebook and Twitter.  A simple password reset would therefore allow the new owner of the freed up account to access these online services.

Yahoo’s Response? Don’t Worry, It Knows What Its Doing…

According to Yahoo, there will be a 30-day grace period between the deactivation and the time the IDs will be recycled.  That grace period will be used by Yahoo to bounce back emails to alert the sender that the account has been deactivated.  The deactivated accounts will also be unsubscribed from commercial emails such as newsletters and email alerts. In addition, they also plan to send notifications to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties potentially used by the deactivated account.

Yahoo also states that all personal data and private content associated with the deactivated account will be deleted and will not be accessible to the new user.  This, Yahoo believes, is enough to prevent people from wreaking havoc online.

Will Yahoo’s security measures be enough?

Maybe, maybe not.  It’s hard to tell whether Yahoo’s security measures would work but there’s going to be hell to pay if they don’t.

“Can I tell you with 100 percent certainty that it’s absolutely impossible for anything to happen? No. But we’re going to extraordinary lengths to ensure that nothing bad happens to our users,” Yahoo director Dylan Casey said.

Hmm…

What makes it worse is that Yahoo really doesn’t need to do this. As an example, when Microsoft faced a similar problem with all of its Hotmail account IDs being used up, it chose to use new domains such as @live.com, @live.co.uk and so on. Why Yahoo doesn’t do something similar is anyone’s guess.

One thing’s for sure, if hackers want to get a hold of an online account, freed up emails or not, they will find a way to get in somehow. We just have to hope and trust that Yahoo hasn’t made it easier for them.