Comments:"Thanks For The Identity Theft, Yahoo | b0ing"
URL:http://b0ing.me/thanks-for-the-identity-theft-yahoo/
Yahoo just announced that they’ll be giving away email addresses that have been dormant for an entire year. At first that might not sound like such a bad thing until you consider all the dead people who have Yahoo accounts, people who’ve changed primary email addresses but retain Yahoo accounts, and a million other examples.
They claim that they’re “working with sites like Facebook” to prevent this from being a problem. Well, sorry Yahoo. It’s a fucking problem.
Here are some example queries you might be interested in running on Google, maybe with the “Custom Range” function or a wildcard for relevant years applied to, say, any year since Yahoo started:
"*@yahoo.com" (posted|written)*(1994|1995|1996|1997|1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009)
"*(1994|1995|1996|1997|1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009)@yahoo.com"
"*@yahoo.com" (1994|1995|1996|1997|1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009) (bank|finance|trade)
"*@yahoo.com" (1994|1995|1996|1997|1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009) (linkedin|facebook|myspace)
Try tacking these onto all of the above for more fun:
ext:(pdf|doc|docx|xml|json) site:(gov|mil|edu|biz)
Now go try variations on Facebook, LinkedIn, etc.
So basically, I can go collect a huge list of email addresses that are likely to be dormant, apply for just a few of them using dummy email accounts, and poof. I have brand new email accounts that their owners probably don’t know they lost, and that are still attached to services the owners never moved away from. All Yahoo requires is an email address, and any schmuck can register as many email addresses as he wants, especially if he owns his own domains.
EDIT:
Apparently their answer for preventing fraud is to introduce a new email header from a select few companies like Facebook. This will surely work great, because everyone is capable of modifying their own email servers to send modified headers. “OK, but they’ll take care of the main ones!” Yeah, great, but what about all the email FROM those accounts? To unsuspecting people who have no reason to think otherwise, they could say “Hey, I’m not dead anymore! You should wire me $3000 for a plane ticket!”
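What a sending service can do on its own side, as an added example that is not from the original post or from Yahoo: refuse to mail a reset link to a possibly recycled address unless ownership was re-verified inside the dormancy window, and attach the recipient-validity header otherwise. It assumes the header the post refers to is `Require-Recipient-Valid-Since` (the field later published as RFC 7293); the function names, the `RECYCLING_DOMAINS` list, the sender address and the dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime

# Assumptions for this example: which providers recycle dormant addresses,
# and the one-year dormancy window mentioned in the post.
RECYCLING_DOMAINS = {"yahoo.com"}
DORMANCY = timedelta(days=365)

def reset_action(address, last_verified, now):
    """Decide how to handle a password-reset request for `address`.

    last_verified: last time the account holder proved control of the
    mailbox (clicked a confirmation link, for instance).
    """
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in RECYCLING_DOMAINS and now - last_verified >= DORMANCY:
        # The mailbox may have a new owner: do not mail a reset link,
        # ask for a second factor or another recovery channel instead.
        return "step_up"
    return "send"

def build_reset_mail(address, last_verified, reset_url):
    """Build the reset mail and state since when the recipient must be valid."""
    msg = EmailMessage()
    msg["From"] = "accounts@service.example"   # constructed sender
    msg["To"] = address
    msg["Subject"] = "Password reset"
    # addr-spec ";" date-time; a receiver that supports the header can refuse
    # delivery if the mailbox changed hands after this date.
    msg["Require-Recipient-Valid-Since"] = (
        f"{address}; {format_datetime(last_verified)}")
    msg.set_content(f"Reset your password: {reset_url}\n")
    return msg

if __name__ == "__main__":
    now = datetime(2013, 6, 20, tzinfo=timezone.utc)       # constructed dates
    stale = datetime(2012, 1, 15, tzinfo=timezone.utc)
    fresh = datetime(2013, 3, 1, tzinfo=timezone.utc)
    for addr, seen in [("alice@yahoo.com", stale), ("alice@yahoo.com", fresh)]:
        print(addr, seen.date(), reset_action(addr, seen, now))
    print(build_reset_mail("alice@yahoo.com", fresh,
                           "https://service.example/r/TOKEN"))
```

The local `step_up` check matters because the header only helps when the receiving provider honors it, and it does nothing about mail sent from a reassigned address.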
This actually has a really good precedent that’s on par with it: the time AOL released users’ searches. That went really well for them. With Yahoo’s adult Tumblr debacle unfolding, it looks like now is a better time than ever to short YHOO.
Yahoo, please, please, please, please reconsider this stupid move. It will be bad for you, and very bad for your users.