In response to the news that Yahoo! is recycling old email addresses, which is providing new users with old user’s confidential information, including passwords, social security numbers and home addresses, Dwayne Melancon, CTO at Tripwire has made the following comments:
“It’s surprising that Yahoo is recycling emails so soon, but the situation that’s occurring isn’t surprising. After all, if you change mobile numbers your phone number goes back into the pool of available numbers at some point. Anyone who still has your old number will reach the new mobile phone subscriber, rather than you. With recycled emails, it’s no different.
“From a security perspective, this is a great case for using email encryption when transmitting sensitive information. With encryption, even if a new owner takes over your contact’s old email address, they will be unable to read the sensitive data because they will not have the encryption key required to decipher the message.
“Furthermore, I wonder why anyone would use a free email account from Yahoo — or any other free email provider — for information that is so sensitive? That, in itself, seems like a risky choice.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.